Thought you would be interested, a facebook phishing email (yes, it is,
) with SPF_PASS
(reminding EVERYONE, SPF IS NOT A SPAM VS HAM INDICATOR AT ALL)
yes, I publish SPF, I used it in meta rules.
this one passed because sender used a envelope from in the ip range of
the spf rules.
<http://secnap.pastebin.com/zTmkSc6J>
ps, scored a 3.5 here. by now, hopefully, it scores higher with
razor/dcc/spamcop, urlbl, etc.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best in Email Security,2010: Network Products Guide
* King of Spam Filters, SC Magazine 2008
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
