Some mail providers require things like rDNS and SPF nowadays. I was idly wondering if I could implement a no SPF weight.
It was inspired by a piece of mail I processed today. The mail said it was from someone on the same domain, but when I checked the Declude log, it used a completely different sender when processing. It failed the FROMNOMATCH but I don't put a lot of weight on that one. The actual sender domain didn't have an SPF record, but the one it was "spoofing" did, but that of course wasn't consulted. I saw this from Message Sniffer: X-MessageSniffer-Identifier: c:\SmarterMail\Spool\proc\work\-12251304886.eml X-GBUdb-Analysis: 0, 64.135.42.242, Ugly c=1 p=-0.0621177 Source Normal X-MessageSniffer-Scan-Result: 0 X-MessageSniffer-Rules: 0-0-0-2622-c But I didn't see Message Sniffer mentioned in the tests failed. 07/02/2014 09:22:08.173 -12251304886 Tests failed [weight=2]: CATCHALLMAILS=IGNORE[0] CATCHALLMAILS-1=IGNORE[0] CATCHALLMAILS-2=IGNORE[0] CATCHALLMAILS-3=IGNORE[0] CATCHALLMAILS-4=IGNORE[0] NOLEGITCONTENT=IGNORE[0] IPNOTINMX=IGNORE[0] UBL=WARN[4] MAILSPIKE-H4=IGNORE[-4] FROMNOMATCH=WARN[2] I should probably comment out MAILSPIKE-H1-H4 since it gave a negative weight to a phishing message here. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Darin Cox Sent: Wednesday, July 02, 2014 12:06 PM To: [email protected] Subject: [MBF] Re: No SPF I don't think there is that capability, but I'm also don't think there would be much value in it. An extremely high FP rate would be expected from a test like that. Darin. -----Original Message----- From: Michael Cummins Sent: Wednesday, July 02, 2014 11:52 AM To: [email protected] Subject: [MBF] No SPF I see these: SPFFAIL SPF FAIL x 8 0 SPFPASS SPF PASS x -1 0 How do I ding people that don't even have an SPF record? ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[email protected]> To switch to the DIGEST mode, E-mail to <[email protected]> To switch to the INDEX mode, E-mail to <[email protected]> Send administrative queries to <[email protected]> ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[email protected]> To switch to the DIGEST mode, E-mail to <[email protected]> To switch to the INDEX mode, E-mail to <[email protected]> Send administrative queries to <[email protected]> ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[email protected]> To switch to the DIGEST mode, E-mail to <[email protected]> To switch to the INDEX mode, E-mail to <[email protected]> Send administrative queries to <[email protected]>
