Posted to users@spamassassin.apache.org by Russell Jones <rj...@eggycrew.com> on 2008/02/27 20:02:47 UTC

No SPF_FAIL flag, why?

This email was received and is very much spam, (February 77% off, Viagra 
HTML spam), and was sent to this user FROM this user (which they 
obviously did not spam themselves). What can I do to make the score 
higher than what it was scored, as well as why didn't the SPF fail? The 
record for pittershawn.com has an SPF record that clearly states it can 
only come from 1 IP address.

Below is the email in question. Thanks for your help!

Return-path: <pp...@pl4jg>
Envelope-to: pp@pittershawn.com
Delivery-date: Tue, 26 Feb 2008 02:52:40 -0600
Received: from mail by mail.eggycrew.com with spam-scanned (Exim 4.67)
    (envelope-from <pp...@pl4jg>)
    id 1JTvYE-0000lf-KO
    for pp@pittershawn.com; Tue, 26 Feb 2008 02:52:40 -0600
X-Spam-Checker-Version: SpamAssassin 3.2.0 (2007-05-01) on
    server1.eggycrew.com
X-Spam-Level:
X-Spam-Status: No, score=-0.3 required=5.0 tests=AWL,BAYES_00,
    HTML_IMAGE_ONLY_28,HTML_MESSAGE,MIME_HTML_ONLY,MISSING_DATE,RDNS_NONE,
    URIBL_JP_SURBL autolearn=disabled version=3.2.0
Received: from [212.82.194.35] (helo=shavanova)
    by mail.eggycrew.com with smtp (Exim 4.67)
    (envelope-from <pp...@pl4jg>)
    id 1JTvYE-0000lb-31
    for pp@pittershawn.com; Tue, 26 Feb 2008 02:52:38 -0600
X-Mailer: CME-V6.5.4.3; MSN
Received: (qmail 21081 by uid 536); Tue, 26 Feb 2008 10:38:47 +0200
Message-Id: <20...@shavanova>
To: <pp...@pittershawn.com>
Subject: February 77% OFF
From: <pp...@pittershawn.com>
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Antivirus-ClamAV-Scanner: This message was scanned for viruses and
    other harmful content on mail.eggycrew.com before being delivered.
Date: Tue, 26 Feb 2008 02:52:40 -0600


Re: No SPF_FAIL flag, why?

Posted by SM <sm...@resistor.net>.
At 11:27 27-02-2008, Russell Jones wrote:
>That doesn't make sense. Maybe I am misunderstanding this. From openspf.org:
>
>
>What does SPF actually DO?
>
>
>
>Suppose a spammer forges a hotmail.com address and tries to spam you.
>
>They connect from somewhere other than Hotmail.
>
>When his message is sent, you see MAIL FROM: 
><m...@hotmail.com>, but 
>you don't have to take his word for it. You can ask Hotmail if the 
>IP address comes from their network.

That's the return-path.

>If what you said is right, why does SPF only look at the return-path 
>address and not the From: address? Nobody pays attention to 
>return-path, they only look at From to see who their mail client 
>says the email address is from.

If SPF was set to look up the address in the From: header, messages 
you send through this mailing list would be rejected as they don't 
come from your mail server.

Regards,
-sm 


Re: No SPF_FAIL flag, why?

Posted by SM <sm...@resistor.net>.
At 11:02 27-02-2008, Russell Jones wrote:
>This email was received and is very much spam, (February 77% off, 
>Viagra HTML spam), and was sent to this user FROM this user (which 
>they obviously did not spam themselves). What can I do to make the 
>score higher than what it was scored, as well as why didn't the SPF 
>fail? The record for pittershawn.com has an SPF record that clearly 
>states it can only come from 1 IP address.

SPF checks are done on the return-path only and not the address in 
the From: header.

There was a BAYES_00 hit.  That is wrong if you consider the email as 
spam.  Retrain Bayes.

Regards,
-sm
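
The point made in the replies above (SPF is evaluated against the return-path, not the From: header), as an added example that is not part of the original thread and is not SpamAssassin's code. The sample message and its domains are constructed, the Exim-style `(helo=...)` Received format is assumed from the headers quoted in the thread, and the HELO fallback for a null return-path goes beyond the thread (it follows RFC 7208).

```python
import re
from email import message_from_string

# Constructed sample modelled on the thread (not the real message):
# the envelope sender and the From: header name different domains.
SAMPLE = """\
Return-path: <bounce@bulk.example>
Envelope-to: user@victim.example
Received: from [192.0.2.35] (helo=relay.bulk.example)
    by mx.victim.example with smtp (Exim 4.67)
To: <user@victim.example>
From: <user@victim.example>
Subject: constructed sample

body
"""

def domain_of(value):
    """Lowercased domain of the first address in a header value, '' if none."""
    m = re.search(r"<([^<>\s]*)>", value or "")
    addr = m.group(1) if m else (value or "").strip()
    _, at, dom = addr.rpartition("@")
    return dom.lower() if at else ""

def spf_identity(raw):
    """Report which domain an SPF check evaluates for this message."""
    msg = message_from_string(raw)
    env_domain = domain_of(msg.get("Return-Path"))
    helo = ""
    for rcvd in msg.get_all("Received", []):   # topmost hop with a helo= first
        m = re.search(r"\(helo=([^\s)]+)\)", rcvd)
        if m:
            helo = m.group(1).lower()
            break
    # Null sender (<>, i.e. a bounce): the HELO name is the checked identity.
    identity, spf_domain = ("mailfrom", env_domain) if env_domain else ("helo", helo)
    from_domain = domain_of(msg.get("From"))
    return {
        "identity": identity,
        "spf_domain": spf_domain,
        "from_domain": from_domain,
        # The From: domain's SPF record is consulted only if it is also
        # the envelope domain; otherwise it is never looked up.
        "from_domain_checked": bool(spf_domain) and from_domain == spf_domain,
    }

if __name__ == "__main__":
    print(spf_identity(SAMPLE))
```

For the constructed sample, the SPF record that gets queried is the one for `bulk.example`, so a strict record on the From: domain cannot produce an SPF failure.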