I tried to find the answer on Google, but all the results show why SPF is important instead of explaining the working mechanism and how mail servers (Gmail, Microsoft, SmarterMail, etc.) implement it, generally.

Below are the criteria I came up with, but I couldn't find the answer:

  1. SPF record exists, labeled sender & mail server domain aren't the same, mail server domain/IP included
  2. SPF record exists, labeled sender & mail server domain aren't the same, mail server domain/IP not included
  3. SPF record exists, labeled sender & mail server domain are the same, mail server domain/IP not included
  4. SPF record does not exist, labeled sender & mail server domain aren't the same
  5. SPF record does not exist, labeled sender & mail server domain are the same

I would like to know, generally, which criteria will be marked as junk mail by the mail server.

Thank you.

Edit 1: Let's put the other factors aside: how does a mail server decide to increase/decrease the level of "points" by looking at SPF only?

Synchro
Jerry
  • Thanks for the correction, changed it to mail server – Jerry Mar 17 '21 at 01:32
  • (With the exception of source-IP address blocks used for connection-filtering) anti-spam techniques rarely use any single factor to determine if a mail message should be marked as spam: it's usually a weighted (or points-based) system, with some factors (like SPF) having more weight than others (e.g. [Bayesian content analysis](https://en.wikipedia.org/wiki/Naive_Bayes_spam_filtering)) - or are ignored due to a user-configured allow-list - only messages with enough points are then flagged as spam. – Dai Mar 17 '21 at 01:33
  • Let's put the other factors aside: how does a mail server decide to increase/decrease the level of "points" by looking at SPF only? – Jerry Mar 17 '21 at 01:36
  • That's a subjective question and impossible to answer as it varies by installation: It's often configured by the mail server administrator based on how often users complain about false-positives and false-negatives. When I ran my own email server in the late-2000s I actually didn't use SPF at all because at the time most orgs weren't using SPF, and large email services which did use SPF (like Hotmail) were still sending spam. SPF is best for preventing spoofing and phishing rather than for identifying spam. – Dai Mar 17 '21 at 02:48

1 Answer

SPF is only responsible for identifying sources of email, and has no opinion about content.

You're asking how receiving email servers decide what to do with messages that fail SPF checks. That's a good question, because it's something that a domain owner should be concerned about, and historically this has been undefined (as others have pointed out), and so varied wildly. Fortunately there's now a mechanism whereby the domain owner can say what a receiving server should do with messages that fail SPF checks: DMARC.

DMARC includes a `p` parameter that tells a receiver what to do with messages that fail checks. Its value can be `none` (do nothing, or whatever the receiver chooses), `quarantine` (put in spam or similar), or `reject` (bounce the message).

DMARC can apply these same policies to DKIM, and it also provides additional validation of the alignment between the SMTP envelope sender and the From message header.

If a domain lacks a DMARC record, you're back to guessing the outcome, and subject to the whims of receiving mail server admins' decisions.

Synchro