SPF Test Question - ORF Forums

SPF Test Question RSS Back to forum

1

We have some colleges that are softfailing their SPF test. These are legitimate emails.

One is nyu.edu sending as 209.85.216.170 & emory.edu sending as 207.46.163.210. Adding their domains to the SPF exception list is nice, but a maintinance nightmare for me since we keep getting new ones on a weekly basis.

I know you can turn off SPF softfail but we get plenty getting blocked that should be blocked.

So my question. How can I get the SPF test only to continue through but sent to Outlook junk mail or at the very least add [SPAM] to the subject.

I saw under Filtering > Actions > On Arrival but that will effect my other tests as well.

Thanks,
Jean

by jean.davis 5 years ago
2

@jean.davis: Hi Jean,

This would require configuring a different action for SPF SoftFail, which is not yet available in ORF. We actually have a feature request for this at http://vamsoft.com/support/feature-requests/configurable-action-for-spf-softfail -- you can vote this request to add more emphasis.

I have checked the SPF policy of both domains and in emory.edu's case, there appears to be an attempt to include outlook.com SPF policy and 207.46.163.210 also appears to be an IP of outlook.com. However, the way it is worded in the policy ("a:outlook.com") is not going to work. In case this was changed to "include:outlook.com", the policy would explicitly allow 207.46.163.210 to send in the name of emory.edu. If you are experiencing repeated issues with emory.edu addresses, you can also consider contacting the IT department of Emory to get this issue fixed.

by Péter Karsai (Vamsoft) 5 years ago
(in reply to this post)

3

Thats what I have done so far was just to notify their IT at both places. I was just looking for a "less work" on my end approach but still block the softfails.

Thanks for the info.

by jean.davis 5 years ago
4

This is one of the gotchyas and timesinks with ORF. For example I have whitelisted about 50-100 clients over the years I've used this product, because the clients either do not respect greylisting settings, or an employee wants an email NOW and the sending server is just waiting to send again in ~15 minutes.

Or some server, somewhere, doesn't follow RFC compliance, gets false-positive'd, and I spend a week troubleshooting.

As long as I'm here, I might add to the feature requests. Can there be a setting where when a change is made from the log viewer, that the change is implemented immediately? Not having to open admin tool, click the alert bubble approve/accept, then save config? Because I'm in ORF 2-5 times a month making small exceptions or many changes here and there, and this repetitive task is less desireable.

Amazingly, the honeypot test has become one of the most valuable. I add former employees that have not been with the company for 5 or more years to the honeypot, and this actually increases the spam catch rate each time.

by indy 5 years ago
5

"Can there be a setting where when a change is made from the log viewer, that the change is implemented immediately? Not having to open admin tool, click the alert bubble approve/accept, then save config?"

Actually, the items you send over from the Log Viewer are automatically applied and become part of the active configuration immediately, but they are shown in the the Administration Tool only after they are accepted in the Pending submissions dialog:

http://vamsoft.com/r?o-hto-adm-rcts

by Krisztián Fekete (Vamsoft) 5 years ago
6

Good day!

This function is relevant for me: "get the SPF test only to continue through but sent to Outlook junk mail or at the very least add [SPAM] to the subject".
Please specify whether it is planned to include it in the orf functionality?

by itfabrica 8 months ago
7

@itfabrica: Hello itfabrica,

The next version of ORF (v6.0) will allow you to configure different filtering actions for most of the ORF blacklists, including the SPF Test. You may try the beta version already, available at https://vamsoft.com/beta/

by Daniel Novak (Vamsoft) 8 months ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2