Hi,
I received an email from ncua.gov sent through Zix that apparently was an
SPF softfail. It also hit FROM_GOV_SPOOF. I wanted to see if the two were
related, or what the reason was for this email hitting so many spam rules.
meta FROM_GOV_SPOOF !__NOT_SPOOFED && __FROM_ADDRLIST_GOV && (!
NO_RELAYS && ! ALL_TRUSTED)
tflags FROM_GOV_SPOOF net publish
describe FROM_GOV_SPOOF From Government domain but matches SPOOFED
Why is there a SPF softfail with Zix? Certainly it's possible there just so
happened to be a DNS problem at that time, but just wanted to be sure
something else wasn't happening - I don't want to wait until an email is
rejected from this sender before doing something about it.
X-Spam-Status: No, score=3.449 tagged_above=-200 required=5
tests=[.BAYES_05=-0.5, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, DMARC_NONE=0.1,
FORGED_SPF_HELO=1, FROM_GOV_SPOOF=1, HTML_FONT_LOW_CONTRAST=0.001,
HTML_MESSAGE=0.001, KAM_DMARC_NONE=0.25, KAM_DMARC_STATUS=0.01,
KAM_EVIL_NUMBERS4=1, KAM_LOTSOFHASH=0.25, LOC_CDIS_INLINE=0.1,
RCVD_IN_DNSWL_LOW=-0.7, RELAYCOUNTRY_LOW=0.1, RELAYCOUNTRY_US=0.01,
SPF_HELO_PASS=-0.001, SPF_SOFTFAIL=0.665, TXREP=-0.177,
T_KAM_HTML_FONT_INVALID=0.01] autolearn=disabled
https://pastebin.com/8sSqYh9u
I received an email from ncua.gov sent through Zix that apparently was an
SPF softfail. It also hit FROM_GOV_SPOOF. I wanted to see if the two were
related, or what the reason was for this email hitting so many spam rules.
meta FROM_GOV_SPOOF !__NOT_SPOOFED && __FROM_ADDRLIST_GOV && (!
NO_RELAYS && ! ALL_TRUSTED)
tflags FROM_GOV_SPOOF net publish
describe FROM_GOV_SPOOF From Government domain but matches SPOOFED
Why is there a SPF softfail with Zix? Certainly it's possible there just so
happened to be a DNS problem at that time, but just wanted to be sure
something else wasn't happening - I don't want to wait until an email is
rejected from this sender before doing something about it.
X-Spam-Status: No, score=3.449 tagged_above=-200 required=5
tests=[.BAYES_05=-0.5, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, DMARC_NONE=0.1,
FORGED_SPF_HELO=1, FROM_GOV_SPOOF=1, HTML_FONT_LOW_CONTRAST=0.001,
HTML_MESSAGE=0.001, KAM_DMARC_NONE=0.25, KAM_DMARC_STATUS=0.01,
KAM_EVIL_NUMBERS4=1, KAM_LOTSOFHASH=0.25, LOC_CDIS_INLINE=0.1,
RCVD_IN_DNSWL_LOW=-0.7, RELAYCOUNTRY_LOW=0.1, RELAYCOUNTRY_US=0.01,
SPF_HELO_PASS=-0.001, SPF_SOFTFAIL=0.665, TXREP=-0.177,
T_KAM_HTML_FONT_INVALID=0.01] autolearn=disabled
https://pastebin.com/8sSqYh9u