On Tue, 9 Aug 2016, Anthony Hoppe wrote:
Someone out there has decided to spoof our domain and send us spam. My
first thought was that SPF checks were not working, but in analyzing the
headers of a message one of our users received SPF_FAIL is triggering,
but the weight is very low. My first thought is to increase the weight
of SPF_FAIL, but I'm not sure what unintended consequences this may
create?
If increasing the weight of SPF_FAIL is not a good course of action,
what do the mighty members of this list suggest?
I only have one MX, and it rejects up front any HELO on the internet side
that claims to be from my domain. Legit mail from my domain will only ever
come from the private side.
You could score a meta of SPF_FAIL + return-path in your domain as a
poison pill, but as others have said, these shouldn't make it all the way
to SA.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
What nuts do with guns is terrible, certainly. But what
evil or crazy people do with *anything* is not a valid argument
for banning that item. -- John C. Randolph <j...@idiom.com>
-----------------------------------------------------------------------
6 days until the 71st anniversary of the end of World War II