On 2/12/2013 11:55, darxus(_at_)chaosreigns(_dot_)com wrote:
I didn't see the discussion where you promised to produce this, but I think
the problem is how much non-spam also fails SPF.
From ruleqa.spamassassin.org/?daterev=20130211-r1444680-n&rule=%2Fspf :
MSECS SPAM% HAM% S/O RANK SCORE NAME WHO/AGE
0 0.0236 0.9635 0.024 0.15 0.00 SPF_FAIL
0 0.0383 0.3059 0.111 0.27 0.00 SPF_SOFTFAIL
Way more non-spam is failing than spam.
If you just use SPF for positive scoring and never for negative scoring
or blocking then that's okay.
I'm also note suggesting that SPF or DKIM or similar alone is sufficient
for positive scoring, but when combined with a local whitelist, I can
aggressively whitelist companies that we do business with without having
to worry about a spammer spoofing a whitelisted major corporation.
When the company starts sending mail from a non-listed IP, they don't
get the benefit of whitelisting, but nothing else "breaks", so there's
no harm done.
Catching spam is easy. Doing so without excessive false positives is
what's hard.
Amen.
I guarantee you that I can block every single spam, 100% of the time, no
questions asked, as long as one of the unasked questions is the false
positive percentage.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg