[ctw] Re: interpreting ASSP SPF fail

On 10/22/2011 9:44 AM, TR Shaw wrote:

On Oct 22, 2011, at 12:31 PM, aklist wrote:

Hi All: I'm trying to get a handle on why ASSP flagged this message as spam for 
an SPF failure?

The message was sent by a local domain user using their blackberry. I have an SPF record for 
"localdomain1.com" with the IP address of the ASSP/EIMS server listed. The SPF record 
uses softfail  "~all".

Is the SPF fail being caused by the blackberry server, or something to do with 
the local domain?

TIA for any advice!

Return-Path:<user1@xxxxxxxxxxxxxxxx>
Received: from assp.mydomain.com (127.0.0.1) by mail.mydomain.com
with SMTP (EIMS X 3.3.9) for<monitorspam@xxxxxxxxxxxxxxxx>;
Fri, 21 Oct 2011 09:18:31 -0700
Received: from smtp10.bis6.us.blackberry.com ([74.82.85.10] 
helo=smtp10.bis6.us.blackberry.com)
        by assp.mydomain.com with ESMTP (ASSP 1.9); 21 Oct 2011
        09:18:30 -0700
Received: from b27.c30.bise6.blackberry ([192.168.0.127])
        by srs.bis6.us.blackberry.com (8.13.7 TEAMON/8.13.7) with ESMTP id 
p9LGIUNj011172
        for<user@xxxxxxxxxxxxxxxx>; Fri, 21 Oct 2011 16:18:30 GMT
Received: from 172.29.223.199 (cmp29.c30.bise6.blackberry [172.29.223.199])
        by b27.c30.bise6.blackberry (8.13.7 TEAMON/8.13.7) with ESMTP id 
p9LGIT7M003453
        for<user@xxxxxxxxxxxxxxxx>; Fri, 21 Oct 2011 16:18:29 GMT
X-rim-org-msg-ref-id: 1251677768
Message-ID:<1251677768-1319213909-cardhu_decombobulator_blackberry.rim.net-1903184366-@xxxxxxxxxxxxxxxxxxxxxxx>
Reply-To: user1@xxxxxxxxxxxxxxxx
X-Priority: Normal
Sensitivity: Normal
Importance: Normal
Subject: [SPF] Fw: Your Sweet City Candy order
To: "Dad"<user@xxxxxxxxxxxxxxxx>
From: user1@xxxxxxxxxxxxxxxx
Date: Fri, 21 Oct 2011 16:18:28 +0000
Content-Type: multipart/alternative; 
boundary="part2749-boundary-503454095-1448843816"
MIME-Version: 1.0
X-Assp-Version: 1.9.1.8(1.1.00) on assp.mydomain.com
X-Assp-Delay: user@xxxxxxxxxxxxxxxx not delayed (auto accepted);
        21 Oct 2011 09:18:30 -0700
X-Assp-Score: 5 (SPF softfail)
X-Assp-Envelope-From: user1@xxxxxxxxxxxxxxxx
X-Assp-ID: assp.mydomain.com 31921-00469
X-Assp-Spam: YES
X-Assp-Original-Subject: Fw: Your SCC order
X-Spam-Status:YES
X-Assp-Spam-Reason: SPF softfail
X-Assp-Message-Totalscore: 5
X-Assp-Intended-For: user@xxxxxxxxxxxxxxxx
X-Assp-Copy-Spam: Yes


Looks like a backberry issue but you would have to look at their SPF record. 
However, check what you are doing on SPF handling as normally a softfail will 
just accumulate score and the score is too low to call it spam.

Thanks Tom, I have SPF set to "score", and no fallback/override domains configured.

The "strict processing" is set to:
@gmail.com|@hotmail.com|@msn.com|@live.com|@aol.com|@ebay.com|@ebay.nl|@bbt.com|@paypal.com|@einsundeins.de|@microsoft.com|rr.com|veritate.com

"Strict Blocking" set to:
@ebay.com|@paypal.com

Under that, I have "strict spf blocking for local domains" checked.

"Alias domain" is set to my local domain.

Everything else is unchecked.
Circle The Wagons
manage: http://www.freelists.org/list/ctw post: mailto:ctw@xxxxxxxxxxxxx
unsubscribe: mailto:ctw-request@xxxxxxxxxxxxx?subject=unsubscribe
search: http://www.freelists.org/archives/ctw
faq: http://www.freelists.org/wiki/the_faq

Other related posts: