--On August 8, 2013 5:14:12 PM -0400 "David F. Skoll"
<d...@roaringpenguin.com> wrote:
On Thu, 8 Aug 2013 13:49:18 -0700 (PDT)
John Hardin <jhar...@impsec.org> wrote:
SPF is _by itself_ not useful as a spam sign.
Indeed. In my experience, most SPF "softfail" results and a fairly large
fraction of SPF "fail" results are from misconfigured domains whose
administrators don't bother making correct SPF records.
Additionally, SPF "pass" is (in my experience) a slight indicator of spam
because spammers are a bit more diligent about trying to get their
messages to pass SPF than many legitimate senders. :(
+1 to John's comments about domain-specific SPF scores. For certain
domains, an SPF fail is a strong indicator of spam or phishing. These
are the domains I score strongly for SPF fail:
adp.com, aexp.com, apple.com, bankofamerica.com, bbb.org, bmo.com,
chase.com, discover.com, dnb.com, ebay.com, emailinfo.chase.com,
id.apple.com, inbound.efax.com, irs.gov, newegg.com, paypal.com,
verizonwireless.com, welcome.aexp.com, wellsfargo.com
as well as my own domain, roaringpenguin.com.
I would love to see your rules here so I can see how you did it. I don't
see if/and in the SA docs on rules.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
