In <428F0618(_dot_)3040002(_at_)de-korte(_dot_)org> Arjen de Korte
<arjen(_at_)de-korte(_dot_)org> writes:
wayne schreef:
I agree that SA shouldn't score None, Neutral or the error conditions,
Like it or not, but as long as it tells you something about the
probability that a message can be classified as either ham or spam,
*anything* goes. Including SPF 'none', 'neutral' or whatever kind of
error condition you can think of.
Yes, you have every right to do whatever you want with your machine,
but senders have ever right to do whatever they want with their SPF
records. If publishing SPF records that result in Neutral causes
their email to be more likely to be rejected, then I think a lot of
domain owners will simply stop publishing SPF records.
By punishing domain owners for having SPF records that can return
Neutral, you may get a short term gain in spam filtering, but you are
hurting us all in the long term.
From my personal experience, I have found that more than 95% of messages
with a SPF result 'neutral' can be classified as spam. That's a pretty
high probability and it is because of that that I contributed the SA
patch to add the neutral scoring rule.
If your patch takes into account the different spamminess of different
domains that return Neutral and None, then your patch might be ok. If
you lump domains that are just collecting usage data with their SPF
records in with everyone else, then this is really bad.
Let me give more concrete examples.
Say example.com has the SPF record of:
example.com. TXT "v=spf1 mx a:outsource.smtp.org ip4:1.2.3.4/24 ?all"
Now, if example.com has really identified almost all of their email
sources and almost no mail from them gets forwarded, then any email
that ends up reaching the ?all part may very likely be spam.
On the other hand, say example.org has the SPF record of:
example.org. TXT "v=spf1 exists:_h.%{h}._l.%{l}._o.%{o}._i.%{i}._spf.%{d}
?all"
Then 100% of their email is going to end up being Neutral and that is
likely to be very bad. For what it is worth, that example is straight
out of the current SPF I-D. See:
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01.html#rfc.section.9.1
It would be insane to reject mail on a 'neutral' score alone. But in a
scoring system (like SA) the occasional additional points gathered
should not be a problem for legitimate mail. As long as it doesn't score
on additional spamminess rules, there is no problem at all. For real
spam messages, it might be just the additional weight to tip the balance.
And for real ham messages, it might also be just enough to cause a
reject.
-wayne