Re: Why no points for SPF_NONE?
On Sun, 21 Mar 2021 11:34:09 -0400 Greg Troxel wrote:

> Steve Dondley writes:
>
> > I'm learning a bit about spamassassin rules and taking a peek at how
> > my inbound mail is scored. I noticed that SPF_NONE scores zero points
> > by default. I'm wondering if there is a good reason for not giving
> > it a score and whether I should set that to something much higher
> > like 1.0.
> >
> > I'm curious to know what more experienced people have this set
> > to. Thanks.
>
> The meta point is that scores are normally set by examining a large
> corpus of ham and spam. You are implicitly adopting a theory that
> SPF_NONE is correlated with spamminess, but you have not validated
> that theory.

The score of SPF_NONE is not set automatically and it was only turned on as an informational rule a couple of years ago. The score distribution in rule QA suggests it would stand a higher score.

However, the KAM rules contain:

    header __KAM_SPF_NONE eval:check_for_spf_none()
    meta KAM_LAZY_DOMAIN_SECURITY (!__DKIM_EXISTS && __KAM_SPF_NONE)
    score KAM_LAZY_DOMAIN_SECURITY 1.0

This is better than scoring SPF_NONE directly, as the check for a DKIM signature will mitigate SPF_NONE hits that are caused by networking problems.
Re: Why no points for SPF_NONE?
Steve Dondley writes:

> I'm learning a bit about spamassassin rules and taking a peek at how
> my inbound mail is scored. I noticed that SPF_NONE scores zero points
> by default. I'm wondering if there is a good reason for not giving it
> a score and whether I should set that to something much higher like
> 1.0.
>
> I'm curious to know what more experienced people have this set
> to. Thanks.

The meta point is that scores are normally set by examining a large corpus of ham and spam. You are implicitly adopting a theory that SPF_NONE is correlated with spamminess, but you have not validated that theory.

Certainly if you have preferences you are welcome to set them in your own system. I score up icky things like HTML-only mail, mail where the text and html don't match, etc. Basically when someone is doing things that violate standards or best practice, I'm less interested in reading it. However that is quite different from whether it is spam. In my case, I tend not to request content that has these issues, and thus *for me* mail that is nonconforming has a higher likelihood of being spam than would be true for a mailbox operated by a normal person.

So, if when you get mail from your friends that is SPF_NONE, you hassle them about it and ask them to add an SPF record, maybe SPF_NONE is a clue of spam for your inbox.

I find only a small % of both my ham and spam has SPF_NONE. I therefore don't think it has much predictive value.
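Added example, not part of any message in this thread: one way to check on your own mail whether SPF_NONE, or SPF_NONE without a DKIM signature, separates ham from spam, by reading the X-Spam-Status header of already-scanned messages. The sample messages are constructed, and DKIM_SIGNED is used as an assumed stand-in for __DKIM_EXISTS.

```python
import re
from email import message_from_string

def _msg(tests):
    # Constructed sample message, not real mail. X-Spam-Status is the header
    # SpamAssassin adds; tests= lists the rules that hit.
    return ("Subject: sample\n"
            "X-Spam-Status: No, score=0.0 required=5.0\n"
            f"\ttests={tests} autolearn=no\n\nbody\n")

HAM = [_msg("DKIM_SIGNED,DKIM_VALID,SPF_PASS"),
       _msg("SPF_NONE,\n\tDKIM_SIGNED,DKIM_VALID"),  # list folded mid-way
       _msg("HTML_MESSAGE,SPF_PASS"),
       _msg("SPF_HELO_NONE,SPF_PASS")]               # not an SPF_NONE hit
SPAM = [_msg("HTML_MESSAGE,SPF_NONE"),
        _msg("DKIM_SIGNED,HTML_MESSAGE,SPF_PASS"),
        _msg("DKIM_SIGNED,SPF_NONE"),
        _msg("HTML_MESSAGE,SPF_FAIL")]

def rules_hit(raw):
    """Return the set of rule names in tests= of X-Spam-Status."""
    status = message_from_string(raw).get("X-Spam-Status", "")
    status = re.sub(r",\s+", ",", status)   # rejoin a folded rule list
    m = re.search(r"tests=(\S+)", status)
    return set(m.group(1).split(",")) - {"", "none"} if m else set()

def hit_rate(corpus, predicate):
    """Fraction of messages whose rule set satisfies predicate."""
    if not corpus:
        return 0.0
    return sum(1 for raw in corpus if predicate(rules_hit(raw))) / len(corpus)

def spf_none(rules):
    return "SPF_NONE" in rules

def spf_none_no_dkim(rules):
    # Assumption: DKIM_SIGNED stands in for the sub-rule __DKIM_EXISTS, since
    # rules whose names start with __ are not listed in X-Spam-Status.
    return "SPF_NONE" in rules and "DKIM_SIGNED" not in rules

if __name__ == "__main__":
    for name, pred in (("SPF_NONE", spf_none),
                       ("SPF_NONE without DKIM", spf_none_no_dkim)):
        print(f"{name}: ham {hit_rate(HAM, pred):.0%}, "
              f"spam {hit_rate(SPAM, pred):.0%}")
```

Matching on the parsed rule set rather than grepping for the string keeps SPF_HELO_NONE hits from being counted as SPF_NONE.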
Why no points for SPF_NONE?
I'm learning a bit about spamassassin rules and taking a peek at how my inbound mail is scored. I noticed that SPF_NONE scores zero points by default. I'm wondering if there is a good reason for not giving it a score and whether I should set that to something much higher like 1.0.

I'm curious to know what more experienced people have this set to. Thanks.