Re: [Asrg] misconception in SPF

Martijn Grooten <martijn.grooten@virusbtn.com> Tue, 11 December 2012 08:45 UTC

Return-Path: <martijn.grooten@virusbtn.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F041C21F87C1 for <asrg@ietfa.amsl.com>; Tue, 11 Dec 2012 00:45:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BWX6LyLFUrcs for <asrg@ietfa.amsl.com>; Tue, 11 Dec 2012 00:45:40 -0800 (PST)
Received: from mx3.sophos.com (mx3.sophos.com [216.47.234.212]) by ietfa.amsl.com (Postfix) with ESMTP id 30AA121F87B2 for <asrg@irtf.org>; Tue, 11 Dec 2012 00:45:39 -0800 (PST)
Received: from mx3.sophos.com (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 0A614188452 for <asrg@irtf.org>; Tue, 11 Dec 2012 08:45:39 +0000 (GMT)
Received: from abn-exch1b.green.sophos (abn-exch1b.green.sophos [10.100.70.62]) by mx3.sophos.com (Postfix) with ESMTPS id A826018842B for <asrg@irtf.org>; Tue, 11 Dec 2012 08:45:38 +0000 (GMT)
Received: from ABN-EXCH1A.green.sophos ([fe80::67:3150:dacd:910d]) by abn-exch1b.green.sophos ([fe80::dc96:facf:3d2c:c352%17]) with mapi id 14.02.0247.003; Tue, 11 Dec 2012 08:45:37 +0000
From: Martijn Grooten <martijn.grooten@virusbtn.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Thread-Topic: [Asrg] misconception in SPF
Thread-Index: AQHN0+ufsqH0dJXpZk22wCV06nTFZ5gMNOaAgAASggCAALs6AIADkeEAgABtQPSAACMogIAAfLtKgAAmAwCAAClNo4AANEKAgAARtQCAAApSAIAABrkAgAAC+7OAAPY+AIAADEjd
Date: Tue, 11 Dec 2012 08:45:37 +0000
Message-ID: <0D79787962F6AE4B84B2CC41FC957D0B20AD790A@ABN-EXCH1A.green.sophos>
References: <20121206212116.10328.qmail@joyce.lan> <50C1A95A.5000001@pscs.co.uk> <50C4A7F8.3010201@dcrocker.net> <CAFdugamTbTirVV2zXKOmc9oTaCS+QiTemhT=jvYJnHYscHQK7g@mail.gmail.com> <0D79787962F6AE4B84B2CC41FC957D0B20ACE6D0@ABN-EXCH1A.green.sophos> <20121209213307.D90C12429B@panix5.panix.com> <CAFduganBR_E-ui-3Xbic6F7qSmg1-Q+ideXLvb+1isLz8OF0Nw@mail.gmail.com> <0D79787962F6AE4B84B2CC41FC957D0B20ACFFE1@ABN-EXCH1A.green.sophos> <50C5A9A0.105@pscs.co.uk> <0D79787962F6AE4B84B2CC41FC957D0B20AD01B2@ABN-EXCH1A.green.sophos> <20121210145627.GA21217@gsp.org> <CAFdugakdqoN7S2YuWEVHo_YaOZJTPKt1w7tdcn8oasB=gb+qcg@mail.gmail.com> <50C60F9E.1060202@mustelids.ca>, <CAFdugakaY6Lh_5HR8xN7YqrimO9nM72mpxtLwE7T0CpKFu75tA@mail.gmail.com> <0D79787962F6AE4B84B2CC41FC957D0B20AD08F6@ABN-EXCH1A.green.sophos>, <50C6E652.7010401@tana.it>
In-Reply-To: <50C6E652.7010401@tana.it>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.100.64.11]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Asrg] misconception in SPF
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Dec 2012 08:45:41 -0000

> Does that imply that most, or even a relevant percentage of them [block SPF fails]?

No. I know some do, but I think it's a minority. (Among commercial spam-filters used mainly by corporations, that is. It could be that some of the larger ISPs block SPF fails outright, which would skew the picture.)

What I know for sure is that failing SPF doesn't mean an email is blocked by all spam-filters, because I found several counter-examples.

Inspired by this thread, I'm going to do a little more research into this and will try to see if there is any correlation between the SPF status of a spam message and the likelihood of it being blocked. I'll share the results on this list.

Martijn.

________________________________

Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.