On 10/14/2016 3:43 PM, Kris Deugau wrote:
Petr Bena wrote:
Is there any way to get spam assassin to actually figure out that e-mail
is spoofed even if it's obviously easy to figure out?
Consider the case of, oh, say, this message.  Or virtually every other
interactive mailing list on the Internet.

Were you to do an SPF check on the From:, you would see it softfail,
because so far as your incoming server is concerned, it does not
originate from the allowed IP block that matches the SPF
record for vianet.ca, it originates from the list server.

There are many more similar cases where the From: has no technical
relation, just a real-world business relation, to the envelope sender

On the other hand, SA is a points-based system. If you checked SPF based on the From header, you could then whitelist known list servers and other exceptions and add a point or so to the rest. If you set the score at 0.001 and monitored the non-spam hits for a while, you could probably come up with a pretty good list of exceptions before upping the score. (Of course this assumes you are in a position where you can legally look at the messages passing through your system.)

It could be helpful, or there could be too many exceptions to be useful. I'd say it's worth a try to see what happens.


Reply via email to