On Tue, 06 Jan 2015 00:46:18 +0100 Reindl Harald wrote: > > > Am 06.01.2015 um 00:06 schrieb RW: > > On Mon, 05 Jan 2015 22:58:55 +0100 > > Reindl Harald wrote: > >> Am 05.01.2015 um 22:54 schrieb Benny Pedersen: > >>> Reindl Harald skrev den 2015-01-05 18:52: > >>>> how can "SPF_HELO_PASS,SPF_NONE" fire both? > >>> > >>> the above is 2 diff tests > >> > >> i know that by myself *but* if the sending domain does not publish > >> any SPF policy then there should be no positive score for > >> "SPF_HELO_PASS" > > > > It doesn't have a positive score: > > > > score SPF_HELO_PASS -0.001 > > that is a positive score in context of "less spam probability" just > because somebody sends a HELO command - frankly all day long zombies > send HELO commands of known domains up to fake PTR's if the > envelope domain don't push a SPF policy *only* NO_SPF should hit
As I pointed-out the -0.001 is a nominal score assigned to informational rules. The point of helo tests is when they fail. If a compromised host is telling you it's not permitted to send email then what does it matter if the (probably spoofed) envelope domain doesn't have an SPF policy.