You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2017/12/04 19:26:42 UTC

[Bug 7512] New: Change the default score of SPF_NONE to 0.001

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7512

            Bug ID: 7512
           Summary: Change the default score of SPF_NONE to 0.001
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Rules
          Assignee: dev@spamassassin.apache.org
          Reporter: davej@apache.org
  Target Milestone: Undefined

50_scores.cf has SPF_NONE at 0 (disabled).  With SPF being widely deployed and
considered a must for reliable delivery these days, what do you think about
changing the score to 0.001 so it's enabled and visible?

I would be fine with a higher score like 0.1 and even increasing this value
slowly over time to help those senders that don't have SPF setup to become
aware that they need to setup an SPF record.

Dave Jones

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7512] Change the default score of SPF_NONE to 0.001

Posted by bu...@bugzilla.spamassassin.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7512

Dave Jones <da...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |davej@apache.org

--- Comment #2 from Dave Jones <da...@apache.org> ---
SPF_NONE isn't going to directly point to ham or spam but it's useful for meta
rules.  KAM.cf already does the same check as SPF_NONE to determine
KAM_LAZY_DOMAIN_SECURITY to add 1.0.

My point was to enable it so it would become visible by mail admins and over
time use the Spamassassin community to promote the importance of implementing
SPF for reliable delivery.

I run into senders that I would like to whitelist_auth but they don't have an
SPF record so you have to guess at the whitelist_from_rcvd entry based only on
that particular email's Received headers.

Just like proper FCrDNS is crucial for a mail server that sends to the
Internet, SPF should be a requirement.

Team Cymru would add an SPF record if someone contacted them.  I don't know
about those others.  Just because they don't exist doesn't mean that is the
correct SPF setup.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7512] Change the default score of SPF_NONE to 0.001

Posted by bu...@bugzilla.spamassassin.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7512

Dave Jones <da...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #3 from Dave Jones <da...@apache.org> ---
Boy!  Tough crowd.  Closing due to not enough interest/feedback.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7512] Change the default score of SPF_NONE to 0.001

Posted by bu...@bugzilla.spamassassin.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7512

Bill Cole <sa...@billmail.scconsult.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sa-bugz-20080315@billmail.s
                   |                            |cconsult.com

--- Comment #1 from Bill Cole <sa...@billmail.scconsult.com> ---
-1

Of the 7742 messages in my current log which reached SA (lots do not...) and
were not local (i.e. not ALL_TRUSTED) 1020 had no SPF rule match, i.e. they
would match SPF_NONE but for it not having a score. 1003 of those had negative
scores, largely but not entirely due to various forms of provisional
whitelisting of the sender or recipient. 13 were rejected, all correctly based
on what was logged about them. There were no messages within 0.5 on either side
of my rejection threshold.

This may be skewed by my subscription to a few mailing lists run by fairly
mail-savvy entities:

bigsky:~ root# host -t txt mailop.org
mailop.org has no TXT record
bigsky:~ root# host -t txt postfix.org
postfix.org has no TXT record
bigsky:~ root# host -t txt lists.cymru.com
lists.cymru.com has no TXT record
bigsky:~ root# host -t txt lists.freron.com
lists.freron.com has no TXT record


Absent the RuleQA process revealing SPF_NONE to be actually useful in
differentiating between spam and ham on more diverse mailstreams, I don't see a
case for scoring it on theological grounds.

-- 
You are receiving this mail because:
You are the assignee for the bug.