[ctw] Re: interpreting ASSP SPF fail

  • From: aklist <aklist_eims@xxxxxxxxxxxxx>
  • To: ctw@xxxxxxxxxxxxx
  • Date: Sat, 22 Oct 2011 10:27:45 -0700

On 10/22/2011 9:44 AM, TR Shaw wrote:

On Oct 22, 2011, at 12:31 PM, aklist wrote:

Hi All: I'm trying to get a handle on why ASSP flagged this message as spam for 
an SPF failure?

The message was sent by a local domain user using their blackberry. I have an SPF record for 
"localdomain1.com" with the IP address of the ASSP/EIMS server listed. The SPF record 
uses softfail  "~all".

Is the SPF fail being caused by the blackberry server, or something to do with 
the local domain?

TIA for any advice!

Received: from assp.mydomain.com ( by mail.mydomain.com
with SMTP (EIMS X 3.3.9) for<monitorspam@xxxxxxxxxxxxxxxx>;
Fri, 21 Oct 2011 09:18:31 -0700
Received: from smtp10.bis6.us.blackberry.com ([] 
        by assp.mydomain.com with ESMTP (ASSP 1.9); 21 Oct 2011
        09:18:30 -0700
Received: from b27.c30.bise6.blackberry ([])
        by srs.bis6.us.blackberry.com (8.13.7 TEAMON/8.13.7) with ESMTP id 
        for<user@xxxxxxxxxxxxxxxx>; Fri, 21 Oct 2011 16:18:30 GMT
Received: from (cmp29.c30.bise6.blackberry [])
        by b27.c30.bise6.blackberry (8.13.7 TEAMON/8.13.7) with ESMTP id 
        for<user@xxxxxxxxxxxxxxxx>; Fri, 21 Oct 2011 16:18:29 GMT
X-rim-org-msg-ref-id: 1251677768
Reply-To: user1@xxxxxxxxxxxxxxxx
X-Priority: Normal
Sensitivity: Normal
Importance: Normal
Subject: [SPF] Fw: Your Sweet City Candy order
To: "Dad"<user@xxxxxxxxxxxxxxxx>
From: user1@xxxxxxxxxxxxxxxx
Date: Fri, 21 Oct 2011 16:18:28 +0000
Content-Type: multipart/alternative; 
MIME-Version: 1.0
X-Assp-Version: on assp.mydomain.com
X-Assp-Delay: user@xxxxxxxxxxxxxxxx not delayed (auto accepted);
        21 Oct 2011 09:18:30 -0700
X-Assp-Score: 5 (SPF softfail)
X-Assp-Envelope-From: user1@xxxxxxxxxxxxxxxx
X-Assp-ID: assp.mydomain.com 31921-00469
X-Assp-Spam: YES
X-Assp-Original-Subject: Fw: Your SCC order
X-Assp-Spam-Reason: SPF softfail
X-Assp-Message-Totalscore: 5
X-Assp-Intended-For: user@xxxxxxxxxxxxxxxx
X-Assp-Copy-Spam: Yes

Looks like a backberry issue but you would have to look at their SPF record. 
However, check what you are doing on SPF handling as normally a softfail will 
just accumulate score and the score is too low to call it spam.

Thanks Tom, I have SPF set to "score", and no fallback/override domains configured.

The "strict processing" is set to:

"Strict Blocking" set to:

Under that, I have "strict spf blocking for local domains" checked.

"Alias domain" is set to my local domain.

Everything else is unchecked.
Circle The Wagons
manage: http://www.freelists.org/list/ctw post: mailto:ctw@xxxxxxxxxxxxx
unsubscribe: mailto:ctw-request@xxxxxxxxxxxxx?subject=unsubscribe
search: http://www.freelists.org/archives/ctw
faq: http://www.freelists.org/wiki/the_faq

Other related posts: