I enabled the SPF check a while ago.
Since then I had the idea that some messages, when the SPF check fails are being forwarded to the customer.
Today I received a spammail from EMAIL, only containing a .doc file.
The mail has been sent from Vietnam, the IP isn't listed in our SPF record.
Yet the mail was delivered without warning or block.
The SPF check is intended to increase trust in mail messages with a valid SPF record, without affecting the score of messages without. So, if a message does not have a valid SPF record, it's not treated as spam.
If you see, the message score isn't altered by the SPF score, because it doesn't have the SPF
The behavior seems to be as expected. The message , tested on the command line, fires the rule T_SPF_TEMPERROR, that has a score of 0, so it doesn't cause any change in the overall message score, and this is coherent with the behavior of the SPF filter in the Protector: increase trust in mail messages with a valid SPF record. On the other side, when a message has a valid SPF record, like in , it receives a "bonus" score of -10 thanks to the rule SPF_HELO_PASS.
What could be done in the next firmware is add more options to the SPF filter, in order to:
- decrease the score score for every valid match: SPF_PASS, SPF_HELO_PASS
- increase the score for every invalid match: