On Thu, 8 Aug 2013 21:31:59 +0000 Franck Martin wrote: > > On Aug 8, 2013, at 10:49 PM, John Hardin <jhar...@impsec.org> wrote: > > > On Thu, 8 Aug 2013, Quanah Gibson-Mount wrote:
> >> How is .001 in any way considered a "large" penalty? Comments can be useful when they agree with reality, but all too often they are just preliminary opinions that never get corrected. > > SPF is _by itself_ not useful as a spam sign. > > > > If you're seeing a lot of facebook spam that fails SPF because it's > > being forged, then a rule that checks SPF_FAIL *IF* the mail claims > > to be from Facebook, and adds a point or two, would be more > > reasonable. > > > Facebook dkim signs all their emails with the domain > facebookmail.com, so you may have better luck using the ADSP rules... dkim is generally the better way to go since legitimate emails can fail SPF due to forwarding.