SpamAssassin Rule: SPF_HELO_SOFTFAIL

Standard description: SPF: HELO does not match SPF record (softfail)

Explanation

SPF (Sender Policy Framework) is an open standard specifying a technical method to prevent sender address forgery. The domain in the HELO command is matched against a list of allowed mail relays for that domain. The domain's SPF record states, for example, that mail from someone@example.com should have come via mail.example.com and not mail.badguys.info.

In a normal mail client, the HELO command uses the internet name of the computer sending the mail, so someone might use their computer 1-2-3-dyn.bigisp.com to send mail through bigisp.com's mail relay, which has an SPF record indicating that this is allowed.

Soft Fail

A "SoftFail" result should be treated as somewhere between a "Fail" and a "Neutral". The domain believes the host is not authorized but is not willing to make that strong of a statement. Receiving software SHOULD NOT reject the message based solely on this result, but MAY subject the message to closer scrutiny than normal.

The domain owner wants to discourage the use of this host and thus desires limited feedback when a "SoftFail" result occurs. For example, the recipient's Mail User Agent (MUA) could highlight the "SoftFail" status, or the receiving MTA could give the sender a message using a technique called "greylisting" whereby the MTA can issue an SMTP reply code of 451 (4.3.0 DSN code) with a note the first time the message is received, but accept it the second time.

From RFC 4408

Further Info

The default scores for this rule can be found in the online list of tests.



Rules/SPF_HELO_SOFTFAIL (last edited 2012-04-27 18:33:38 by S01060080c6f26c50)