Hi,

>>If I wanted to use SPF in spamassassin to block spoofing attempts
>>against my domain, how would I do that?
>
> Simply put all approved mail servers that you allow to send email with an
> envelope-from domain of your domain in your SPF record and it won't
> matter what the receiving server is.  It can be your server, my server, or
> any SA will hit SPF_PASS.  Then if any other server tries to send with an
> envelope-from of your domain, your SA and others will hit SPF_FAIL.

The problem is that SPF_FAIL has a very low score. I need to make sure
spoofing attempts using my domain are always blocked.

>>Can I create a meta that combines SPF_FAIL with the From header for my
>>domain to do this?
>
> Yes you can, but you don't have to.  You should set up scoring and train
> your Bayes database so all SPF_FAIL will be blocked equally.  You don't
> have to do anything special for your own domain spoofing.  Focus on
> getting all domain spoofing detected properly and yours will automatically
> be included.

More specifically, we're being hit by spear-phishing attacks, where
there really are no other rules that hit.

I realize this is only going to get the lazy spammer that actually
tries to spoof the envelope-sender, but that seems to be quite a few
of them.

Thanks so much.
Alex
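
The meta rule discussed in this message, as an added example that is not part of the original thread: it combines SPF_FAIL with a From: header match and gives the combination its own score. The domain example.com, the LOCAL_* rule names and the score value are assumptions to be replaced with local choices.

```conf
# local.cf (added example; example.com stands in for your own domain,
# rule names and score are hypothetical local choices)

# Requires the SPF plugin, normally enabled in init.pre:
#   loadplugin Mail::SpamAssassin::Plugin::SPF

# Sub-rule (the leading "__" means it carries no score of its own):
# the address in the From: header belongs to our domain.
header   __LOCAL_FROM_MYDOMAIN  From:addr =~ /\@example\.com$/i

# SPF_FAIL is evaluated against the envelope sender, so this meta fires
# only when the envelope-from failed SPF AND the visible From: is ours.
# A message that uses our domain in From: but an unrelated envelope
# sender will not hit SPF_FAIL and is not covered by this rule.
meta     LOCAL_SPOOF_MYDOMAIN   (SPF_FAIL && __LOCAL_FROM_MYDOMAIN)
describe LOCAL_SPOOF_MYDOMAIN   From: is our domain and envelope sender failed SPF

# Scored above the default required_score of 5.0 so the hit alone is
# enough to mark the message as spam.
score    LOCAL_SPOOF_MYDOMAIN   8.0
```

Running `spamassassin --lint` after editing local.cf checks the rule syntax before the change goes live.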
