I also see a lot of SoftFail spam coming in.
example:
HELO = host130-97-dynamic.11-87-r.retail.telecomitalia.it
MAILFROM = cservice.refAQ61195523.gps@citizensbank.com
v=spf1 ip4:12.154.167.142 ip4:12.46.106.21 mx ~all
This message was a phishing spam. I believe that during the SPF transition the spammers take advantage of transitioning domains and try to push spam through using the SoftFail result. Too many domains are in transition right now - it's a free-for-all.
HELO = ppp-124.121.108.131.revip2.asianet.co.th, MAILFROM = jrafert471@hersheys.com
HELO = ppp91-122-1-178.pppoe.avangard-dsl.ru, MAILFROM = itunes@new-music.itunes.com
HELO = mail.landschapsbeheerutrecht.nl, MAILFROM = do-not-reply@bankofamerica.com
My users have the option setting in their webmail control panel to treat "In-Transition Spam checks (~all) as Allowed or as Spam. They can whitelist the From address if they like overriding the SPF result.
--troy
---------- Original Message ----------------------------------
From: Jeremy Jackson <jerj@coplanar.net>
Reply-To: spf-devel@v2.listbox.com
Date: Thu, 13 Sep 2007 09:48:10 -0400
>Since implementing milter-greylist here a few weeks ago, the few spams
>that have reached my Inbox here have been from domains (presumably owned
>by or targeted by spammers) with SPF records ending in "+all"
>
>I see there is some ability to add local policy, but it seems like it
>would need to be extended to be a general purpose filter that could be
>used to remove the "+all" when being used by milter-greylist for
>auto-whitelisting, for example.
>
>--
>Jeremy Jackson
>Coplanar Networks
>(519)489-4903
>
>-------------------------------------------
>-----------------------------------------------------------------------
>To unsubscribe, change your address, or temporarily deactivate your
>subscription,
>please go to http://v2.listbox.com/member/?&
>Powered by Listbox: http://www.listbox.com
>
-------------------------------------------
-----------------------------------------------------------------------
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311533&id_secret=41679417-c22ddb
Powered by Listbox: http://www.listbox.com
example:
HELO = host130-97-dynamic.11-87-r.retail.telecomitalia.it
MAILFROM = cservice.refAQ61195523.gps@citizensbank.com
v=spf1 ip4:12.154.167.142 ip4:12.46.106.21 mx ~all
This message was a phishing spam. I believe that during the SPF transition the spammers take advantage of transitioning domains and try to push spam through using the SoftFail result. Too many domains are in transition right now - it's a free-for-all.
HELO = ppp-124.121.108.131.revip2.asianet.co.th, MAILFROM = jrafert471@hersheys.com
HELO = ppp91-122-1-178.pppoe.avangard-dsl.ru, MAILFROM = itunes@new-music.itunes.com
HELO = mail.landschapsbeheerutrecht.nl, MAILFROM = do-not-reply@bankofamerica.com
My users have the option setting in their webmail control panel to treat "In-Transition Spam checks (~all) as Allowed or as Spam. They can whitelist the From address if they like overriding the SPF result.
--troy
---------- Original Message ----------------------------------
From: Jeremy Jackson <jerj@coplanar.net>
Reply-To: spf-devel@v2.listbox.com
Date: Thu, 13 Sep 2007 09:48:10 -0400
>Since implementing milter-greylist here a few weeks ago, the few spams
>that have reached my Inbox here have been from domains (presumably owned
>by or targeted by spammers) with SPF records ending in "+all"
>
>I see there is some ability to add local policy, but it seems like it
>would need to be extended to be a general purpose filter that could be
>used to remove the "+all" when being used by milter-greylist for
>auto-whitelisting, for example.
>
>--
>Jeremy Jackson
>Coplanar Networks
>(519)489-4903
>
>-------------------------------------------
>-----------------------------------------------------------------------
>To unsubscribe, change your address, or temporarily deactivate your
>subscription,
>please go to http://v2.listbox.com/member/?&
>Powered by Listbox: http://www.listbox.com
>
-------------------------------------------
-----------------------------------------------------------------------
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311533&id_secret=41679417-c22ddb
Powered by Listbox: http://www.listbox.com