Re: [Asrg] SPF abused by spammers

[Peter Bowyer <peeebeee at gmail.com>]

On Thu, 9 Sep 2004 14:44:51 +0100, Matt Sergeant
<msergeant at messagelabs.com> wrote:
> On 9 Sep 2004, at 14:28, Peter Bowyer wrote:
> 
> > An SPF 'pass' is not, and was never intended to be, an indicator that
> > a message is spam.
> 
> I know you meant "non-spam" here.

Kind-of - I think I actually meant that an SPF Pass is not a positive
or negative indication of spam.
 
> However what *was* more interesting about the Cyphertrust report was
> their stats on SPF fail results. This showed that more non-spam was
> resulting in SPF fails than spam was.

Yes, we're seeing some FPs. Mostly down to bugs in the SPF library,
though - we've had to whitelist a well-known legitimate email marketer
because although their SPF looks fine, the libspf2 library is coming
up with 'fail' - need to look at that one.....

> There are any number of conclusions you can draw from this, I
> personally think it just shows that spammers know better where their
> mail is coming from than non-spammers.

:-)
 
> I also heard that the Apache SpamAssassin crew did similar tests and
> found similar results.

The CipherTrust report has been discussed on the SA list, info from
there is that an SPF Pass is a very, very slight ham indicator (0.01
IIRC). So as near neutral as you can get.

Peter

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg