Mailing List Archive

I'm running into a similar problem here. At my gateway, numerous spam
messages are being tagged "SoftFail" by my SPF filter because the sender's
SPF record contains "~all".

I think the sending domain is basically tossing the responsibility back at
us to determine whether or not any e-mail received with a return address in
their domain is actually legitimate.

I'm trying to figure out the best way to deal with these "SoftFail"
messages, as there are a few legitimate ones trapped amongst the spam, so
blocking them entirely is out of the question for the moment.

For now, I'm trapping them into a special folder for manual review and
release, and I've configured my antispam gateway to send me a note whenever
it intercepts any. For those that I release, the sender's address is
automatically added to an SPF "whitelist", so future messages from that
address are automatically let through.


Regards,
Brian


-----Original Message-----
From: Curt Geesdorf [mailto:curt@iesanet.com.br]
Sent: Monday, May 25, 2009 20:19
To: spf-help@v2.listbox.com
Subject: [spf-help] ~all, ?all and -all

Hi all!

Many sites use "~all" and "?all" and never change for "-all", and
spammers are forging emails using those sites.
As I was tired of receiving so much junk, I changed the file
/usr/local/share/perl/5.8.8/Mail/SPF/Record.pm to consider all as "fail" ...

(...)
use constant results_by_qualifier => {
'' => 'pass',
'+' => 'pass',
'-' => 'fail',
'~' => 'fail', ----------------- MY CHANGE
'?' => 'fail' ----------------- MY CHANGE
# '~' => 'softfail', ----- ORIGINAL
# '?' => 'neutral' ----- ORIGINAL
};
(...)


[]s

*/Curt Geesdorf/*
<https://www1.lpi.org/pt_br/verify.html?lpi_id=LPI000090133&ver_code=uftmav5
p47>www.iesanet.com.br



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

On Tue, May 26, 2009 at 04:57, [SPICEISLE.COM] Brian Steele
<brian@spiceisle.com> wrote:
> I'm running into a similar problem here.  At my gateway, numerous spam
> messages are being tagged "SoftFail" by my SPF filter because the sender's
> SPF record contains "~all".
>
> I think the sending domain is basically tossing the responsibility back at
> us to determine whether or not any e-mail received with a return address in
> their domain is actually legitimate.

Personally, I pass those through and have SpamAssassin weight against
them. That way if they're at all spammy they'll get taken care of by
SA.

Part of the problem is that once they've created the record, many
people never revisit it. Worse, people like Google tell people to use
~all.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

FWIW, I do the "SPF SoftFail" filter thing AFTER my antispam gateway has run
all of its other rules to trap spam, and it STILL picks up spam passing
through.


Regards,
Brian


-----Original Message-----
From: Rob MacGregor [mailto:rob.macgregor@gmail.com]
Sent: Tuesday, May 26, 2009 04:25
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] ~all, ?all and -all

On Tue, May 26, 2009 at 04:57, [SPICEISLE.COM] Brian Steele
<brian@spiceisle.com> wrote:
> I'm running into a similar problem here.  At my gateway, numerous spam
> messages are being tagged "SoftFail" by my SPF filter because the sender's
> SPF record contains "~all".
>
> I think the sending domain is basically tossing the responsibility back at
> us to determine whether or not any e-mail received with a return address
in
> their domain is actually legitimate.

Personally, I pass those through and have SpamAssassin weight against
them. That way if they're at all spammy they'll get taken care of by
SA.

Part of the problem is that once they've created the record, many
people never revisit it. Worse, people like Google tell people to use
~all.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com