Re: [Asrg] Some statistics on SPF and spam
Dave Warren <lists@hireahit.com> Tue, 12 February 2013 21:41 UTC
Return-Path: <prvs=1755669d32=lists@hireahit.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6BEA21F8CA5 for <asrg@ietfa.amsl.com>; Tue, 12 Feb 2013 13:41:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BWOEEKq3SRUS for <asrg@ietfa.amsl.com>; Tue, 12 Feb 2013 13:41:48 -0800 (PST)
Received: from vinny.hireahit.com (vinny.hireahit.com [72.51.42.137]) by ietfa.amsl.com (Postfix) with ESMTP id D31EF21F8C9F for <asrg@irtf.org>; Tue, 12 Feb 2013 13:41:47 -0800 (PST)
Received: from [172.24.0.107] by hireahit.com (vinny.hireahit.com) (SecurityGateway 2.1.0a) with SMTP id SG003342989.MSG for <asrg@irtf.org>; Tue, 12 Feb 2013 13:41:45 -0800
Message-ID: <511AB715.6000301@hireahit.com>
Date: Tue, 12 Feb 2013 13:41:41 -0800
From: Dave Warren <lists@hireahit.com>
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:19.0) Gecko/20130117 Thunderbird/19.0
MIME-Version: 1.0
To: asrg@irtf.org
References: <0D79787962F6AE4B84B2CC41FC957D0B20BBE549@abn-exch1b.green.sophos> <20130212195549.GB26133@chaosreigns.com>
In-Reply-To: <20130212195549.GB26133@chaosreigns.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-SGOP-RefID: fgs=0 (_st=1 _vt=0 _iwf=0)
Subject: Re: [Asrg] Some statistics on SPF and spam
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Feb 2013 21:41:48 -0000
On 2/12/2013 11:55, darxus@chaosreigns.com wrote: > I didn't see the discussion where you promised to produce this, but I think > the problem is how much non-spam also fails SPF. > > From ruleqa.spamassassin.org/?daterev=20130211-r1444680-n&rule=%2Fspf : > > MSECS SPAM% HAM% S/O RANK SCORE NAME WHO/AGE > 0 0.0236 0.9635 0.024 0.15 0.00 SPF_FAIL > 0 0.0383 0.3059 0.111 0.27 0.00 SPF_SOFTFAIL > > Way more non-spam is failing than spam. If you just use SPF for positive scoring and never for negative scoring or blocking then that's okay. I'm also note suggesting that SPF or DKIM or similar alone is sufficient for positive scoring, but when combined with a local whitelist, I can aggressively whitelist companies that we do business with without having to worry about a spammer spoofing a whitelisted major corporation. When the company starts sending mail from a non-listed IP, they don't get the benefit of whitelisting, but nothing else "breaks", so there's no harm done. > Catching spam is easy. Doing so without excessive false positives is > what's hard. Amen. I guarantee you that I can block every single spam, 100% of the time, no questions asked, as long as one of the unasked questions is the false positive percentage. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren
- [Asrg] Some statistics on SPF and spam Martijn Grooten
- Re: [Asrg] Some statistics on SPF and spam darxus
- Re: [Asrg] Some statistics on SPF and spam Dave Warren