spf-discuss
current SPF hitrates on my corpus

2004-01-14 14:03:59
Hi folks -- FYI, here's the hit rates of
current SPF rules in SpamAssassin 2.70:

OVERALL%   SPAM%     HAM%     S/O    RANK   SCORE  NAME
   7598     4958     2640    0.653   0.00    0.00  (all messages)
100.000  65.2540  34.7460    0.653   0.00    0.00  (all messages as %)
 11.700   0.3025  33.1061    0.009   0.93   -0.10  T_SPF_HELO_PASS
  1.711   0.0000   4.9242    0.000   0.92   -0.10  T_SPF_PASS
  0.000   0.0000   0.0000    0.500   0.11    0.10  T_SPF_SOFTFAIL
  0.000   0.0000   0.0000    0.500   0.11    0.10  T_SPF_HELO_SOFTFAIL
  3.304   2.5010   4.8106    0.342   0.04    0.20  T_SPF_FAIL
  2.659   0.0000   7.6515    0.000   0.00    0.20  T_SPF_HELO_FAIL

T_SPF_* = SPF checking using envelope-from, where this is available;
there's a number of situations where it is not available, particularly
where fetchmail is involved with mailing lists (fetchmail picks the wrong
envelope-from to use), so on my mail it's restricted.

T_SPF_HELO_* = SPF checking on HELO string alone.  This is more widely
available for SpamAssassin users, since it doesn't require accurate
envelope-from data (which is often rewritten or destroyed by intervening
software like fetchmail).

Note that SOFTFAIL no longer seems to be working. The SpamAssassin glue
code needs to be updated to reflect that this is no longer returned;
I haven't been keeping that up-to-date with Mail::SPF::Query changes.

The T_SPF_HELO_PASS false negatives are where I haven't set my
configuration to recognise that it can trust Received headers added by a
legit forwarder (cpan.org).  This adds a Received line with non-forged
HELO data, and gets a pass as a result.

The T_SPF_HELO_FAIL false positives are a byproduct of the testing
methodology; testing months-old mail against up-to-date SPF records.  One
list had moved its mail server to a new IP.  C'est la vie, unfortunately.

However, overall for some reason, I'm now seeing more SPF failures in
nonspam than in spam.   This will probably result in an SPF failure
getting a 0 score... but an SPF pass looks like a good ham-sign.

--j.
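
Added example, not part of the original post and not SpamAssassin code: a Python sketch that parses the rows of the table above, converts the per-class percentages back into message counts, and recomputes the S/O column. It assumes S/O = SPAM% / (SPAM% + HAM%), with 0.500 when a rule never hits, which reproduces every S/O value listed; the function names are hypothetical.

```python
import re

# Rows copied from the hit-rate table in the message above (the only input).
TABLE = """\
   7598     4958     2640    0.653   0.00    0.00  (all messages)
 11.700   0.3025  33.1061    0.009   0.93   -0.10  T_SPF_HELO_PASS
  1.711   0.0000   4.9242    0.000   0.92   -0.10  T_SPF_PASS
  0.000   0.0000   0.0000    0.500   0.11    0.10  T_SPF_SOFTFAIL
  0.000   0.0000   0.0000    0.500   0.11    0.10  T_SPF_HELO_SOFTFAIL
  3.304   2.5010   4.8106    0.342   0.04    0.20  T_SPF_FAIL
  2.659   0.0000   7.6515    0.000   0.00    0.20  T_SPF_HELO_FAIL
"""

# Six numeric columns (OVERALL, SPAM, HAM, S/O, RANK, SCORE) then the rule name.
ROW = re.compile(r"^\s*" + r"(-?[\d.]+)\s+" * 6 + r"(.+?)\s*$")

def parse(table):
    """Return {rule name: [overall, spam, ham, s/o, rank, score]} as floats."""
    rows = {}
    for line in table.splitlines():
        m = ROW.match(line)
        if m:
            *nums, name = m.groups()
            rows[name] = [float(n) for n in nums]
    return rows

def s_o(spam_pct, ham_pct):
    """Assumed S/O definition: share of the rule's hit rate that is spam."""
    total = spam_pct + ham_pct
    return 0.5 if total == 0 else spam_pct / total

def analyse(table=TABLE):
    rows = parse(table)
    # The "(all messages)" row carries absolute counts, not percentages.
    _, n_spam, n_ham, *_ = rows.pop("(all messages)")
    out = {}
    for name, (_, spam_pct, ham_pct, listed, _, _) in rows.items():
        out[name] = {
            "spam_hits": round(n_spam * spam_pct / 100),  # % of spam -> count
            "ham_hits": round(n_ham * ham_pct / 100),     # % of ham -> count
            "s_o": round(s_o(spam_pct, ham_pct), 3),
            "listed_s_o": listed,
        }
    return out

if __name__ == "__main__":
    for rule, stats in analyse().items():
        print(f"{rule:22} {stats}")
```

In absolute terms T_SPF_FAIL hits 124 spam and 127 ham messages, so the rule fires on nearly equal counts in both classes while covering a larger share of the smaller ham corpus.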