On Tue, 6 Jan 2015 at 00:46 +0100, Reindl Harald wrote: =>Am 06.01.2015 um 00:06 schrieb RW: =>> On Mon, 05 Jan 2015 22:58:55 +0100 =>> Reindl Harald wrote: =>> > Am 05.01.2015 um 22:54 schrieb Benny Pedersen: =>> > > Reindl Harald skrev den 2015-01-05 18:52: =>> > > > how can "SPF_HELO_PASS,SPF_NONE" fire both? =>> > > =>> > > the above is 2 diff tests =>> > =>> > i know that by myself *but* if the sending domain does not publish =>> > any SPF policy then there should be no positive score for =>> > "SPF_HELO_PASS" =>> =>> It doesn't have a positive score: =>> =>> score SPF_HELO_PASS -0.001 => =>that is a positive score in context of "less spam probability" just because =>somebody sends a HELO command - frankly all day long zombies send HELO =>commands of known domains up to fake PTR's
What does (not) having a SPF record and passing or failing have anything to do whether a message is spam or not? SPF has to do with sender policy and is an anti-forgery tool. It is not a anti-spam tool. (A forged message may equal spam to most people, but a spam message does not always equal a forged message.) Similar idea with DKIM. Both allow the domain owner to assert ownership of a particular mail flow, but doesn't say ANYTHING about the domain owner. Again, how much spam mail passes both SPF and DKIM tests? Where SPF/DKIM enter into anti-spam is they tie an domain owner to mail flows such that a reputation system can build built. Not sure about your mail flow, but we get LOTs of spam that passes (one or both) SPF checks. =>if the envelope domain don't push a SPF policy *only* NO_SPF should hit And back to the original question in post....see <http://www.openspf.org/FAQ/Common_mistakes#helo> To publish/not publish and what to publish in an SPF record discussion should probably be moved to spf-discuss or spf-help at <http://www.openspf.org/Forums>. -- *********************************************************************** Derek Diget Office of Information Technology Western Michigan University - Kalamazoo Michigan USA - www.wmich.edu/ ***********************************************************************
