In part because headers added by servers not trusted by local SA may be
considered advisory but not trusted for hard local judgements.
IE a remote MTA server can put anything in the headers that they want, only
trust what you find from your local trusted MTA
On Wed, 29 Jan 2025, Tom Williams via users wrote:
Hi! Casual observer here, but I have a question about the headers.
On 1/29/25 12:23 AM, Niamh Holding wrote:
(snip)
Authentication-Results: spf=softfail (sender IP is 2a01:111:f403:48::209)
smtp.mailfrom=euroland.fr; dkim=pass (signature was verified)
header.d=paypal.com;dmarc=pass action=none header.from=paypal.com;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
euroland.fr discourages use of 2a01:111:f403:48::209 as permitted sender)
(snip)
Why wouldn't the SPF softfail messages not trigger some kind of rule?
Especially the "discourages use of" message. Also, I noticed
Spamassassin 3.4.6 is being used. Would Spamassassin 4.0 have done a better
job at processing these headers?
Thanks!
Tom
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
