On Thu, 8 Aug 2013 13:49:18 -0700 (PDT) John Hardin <jhar...@impsec.org> wrote:
> SPF is _by itself_ not useful as a spam sign.

Indeed. In my experience, most SPF "softfail" results and a fairly large fraction of SPF "fail" results are from misconfigured domains whose administrators don't bother making correct SPF records. Additionally, SPF "pass" is (in my experience) a slight indicator of spam because spammers are a bit more diligent about trying to get their messages to pass SPF than many legitimate senders. :(

+1 to John's comments about domain-specific SPF scores. For certain domains, an SPF fail is a strong indicator of spam or phishing. These are the domains I score strongly for SPF fail: adp.com, aexp.com, apple.com, bankofamerica.com, bbb.org, bmo.com, chase.com, discover.com, dnb.com, ebay.com, emailinfo.chase.com, id.apple.com, inbound.efax.com, irs.gov, newegg.com, paypal.com, verizonwireless.com, welcome.aexp.com, wellsfargo.com as well as my own domain, roaringpenguin.com.

Any others the list would like to suggest? Should SpamAssassin come with a built-in list?

Regards,

David.
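One way to express the domain-specific SPF-fail scoring David describes as SpamAssassin rules (an added example, not David's own configuration or anything shipped with SpamAssassin). It assumes the stock SPF plugin is loaded so that the built-in SPF_FAIL rule fires, and the score value and the rule names are my own choices; the domain list is the one from the message above.

```spamassassin
# local.cf fragment: score SPF "fail" much harder when the visible From:
# address claims one of the domains listed in the message above. These
# domains publish strict SPF records, so a fail there is rarely a
# misconfiguration and usually a forgery.
#
# The header: rule matches the From: address domain. Subdomains named
# explicitly in the list (id.apple.com, welcome.aexp.com, ...) are kept as
# written; a sender from some other subdomain will NOT match.
header   __FROM_STRICT_SPF_1  From:addr =~ /\@(?:adp\.com|aexp\.com|apple\.com|bankofamerica\.com|bbb\.org|bmo\.com|chase\.com|discover\.com|dnb\.com|ebay\.com)$/i
header   __FROM_STRICT_SPF_2  From:addr =~ /\@(?:emailinfo\.chase\.com|id\.apple\.com|inbound\.efax\.com|irs\.gov|newegg\.com|paypal\.com|verizonwireless\.com|welcome\.aexp\.com|wellsfargo\.com|roaringpenguin\.com)$/i
meta     __FROM_STRICT_SPF    (__FROM_STRICT_SPF_1 || __FROM_STRICT_SPF_2)

# SPF_FAIL is SpamAssassin's own result for the envelope sender (MAIL FROM).
# Note that SPF is evaluated on the envelope sender, not on the From: header,
# so this meta rule only fires when the envelope domain fails SPF AND the
# From: header claims one of the listed brands.
meta     SPF_FAIL_STRICT_DOMAIN  (SPF_FAIL && __FROM_STRICT_SPF)
describe SPF_FAIL_STRICT_DOMAIN  SPF fail from a domain that publishes a strict SPF record
# 4.0 is an assumed "strong" score; tune it against your own corpus.
score    SPF_FAIL_STRICT_DOMAIN  4.0

# Keep the generic SPF_FAIL score low, per John's point that SPF by itself
# is a weak spam sign (assumed value; the stock default is also small).
score    SPF_FAIL  0.5
```

Check the rules with `spamassassin --lint` after editing local.cf, and run a forged sample through `spamassassin -t` to confirm that SPF_FAIL_STRICT_DOMAIN appears in the test report.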