ASSP antiSpam and SPF

Posted on 2011-10-03
Last Modified: 2013-11-22
Would you be able to tell me how I could block emails sent through Gmail using the ASSP antispam?

Is there some setting where I can specify that, if the SPF check for certain domains does not pass, the e-mail is blocked?

Oct-03-11 15:48:25 m-31766-00067 <> to: [scoring] spf_result:neutral;
Oct-03-11 15:48:25 m-31766-00067 <> to:;
Oct-03-11 15:48:25 m-31766-00067 <> to: scope:mfrom;
Oct-03-11 15:48:25 m-31766-00067 <> to: spf_record:v=spf1;
Oct-03-11 15:48:25 m-31766-00067 <> to: ... Domain does not state whether sender is authorized to use '' in 'mfrom' identity (mechanism '?all' matched);
Question by:eduardort
    LVL 21

    Expert Comment

    The problem there is that Google is using the ? mechanism, which gives a Neutral result to SPF checks.  If you are verifying DKIM as well, then that will suffice for keeping out spoofed mails.

    Author Comment

    Hummm good ...

    DKIM is really cool. The problem is that version 1.9 of ASSP does not support DKIM. Would it be possible to block it with SPF anyway?
    LVL 21

    Expert Comment

    You might be able to code some plugin script for ASSP (if they even allow it) to do what you want, but you should NOT do that as you would not be honoring the SPF record as it is published.  Don't do it!!!

    On the ASSP page at sourceforge it says it does DKIM, maybe it's just available in 2.x:
    Community based grey IP list, Senderbase, SPF, DKIM support even if your MTA does not support it.

    An anti-spam solution that doesn't verify DKIM is not worth using, period.
    LVL 29

    Expert Comment

    by:Sudeep Sharma

    You would need to modify the ASSP configuration and add the domain to "strictSPFRe" section.

    As per the configuration file:

    "['strictSPFRe','Strict SPF Processing Regex*',80,\&textinput,'|||||||||','(.*)','ConfigCompileRe',
     'Softfail/Neutral/None will be failed for these sending addresses. Put anything here to identify the addresses. For example: \'|||||||||\''],'

    Your configuration may differ from what is posted above. Just make sure to take a backup before you modify anything.
    LVL 21

    Accepted Solution


    section 2.5.1, 2.5.2, and 2.5.5 of

    2.5.1.  None

       A result of "None" means that no records were published by the domain
       or that no checkable sender domain could be determined from the given
       identity.  The checking software cannot ascertain whether or not the
       client host is authorized.

    2.5.2.  Neutral

       The domain owner has explicitly stated that he cannot or does not
       want to assert whether or not the IP address is authorized.  A
       "Neutral" result MUST be treated exactly like the "None" result; the
       distinction exists only for informational purposes.  Treating
       "Neutral" more harshly than "None" would discourage domain owners
       from testing the use of SPF records (see Section 9.1).

    2.5.5.  SoftFail

       A "SoftFail" result should be treated as somewhere between a "Fail"
       and a "Neutral".  The domain believes the host is not authorized but
       is not willing to make that strong of a statement.  Receiving
       software SHOULD NOT reject the message based solely on this result,
       but MAY subject the message to closer scrutiny than normal.

    As I said it might be possible to do, and SSharma explains how, but you will not be RFC compliant if you do.  The correct approach to resolving this is to leave the SPF checks as they are and implement DKIM verification.

    Author Comment

    Thx Papertrip, good words :)

    And SSharma, I saw this configuration on ASSP, however I could not understand exactly what it does. Could you help me understand?
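
The effect of the strictSPFRe description quoted above ("Softfail/Neutral/None will be failed for these sending addresses"), set against the default handling from the quoted RFC sections, shown as an added Python sketch that is not ASSP's code and not from any poster in this thread. The log lines are constructed in the shape of the excerpt in the question; the addresses, the `@gmail\.example$` pattern, the disposition names, rejecting on fail, and case-insensitive matching are all assumptions of this example.

```python
import re

# Baseline dispositions. none/neutral/softfail follow the RFC sections quoted
# in the thread; "reject" for fail is this example's assumed receiver policy.
BASELINE = {"pass": "accept", "none": "accept", "neutral": "accept",
            "softfail": "scrutinize", "fail": "reject"}

# Results that the strictSPFRe description says "will be failed".
DOWNGRADED = {"softfail", "neutral", "none"}

# Constructed log lines modelled on the excerpt in the question
# (placeholder addresses; the original post has them stripped).
SAMPLE_LOG = """\
Oct-03-11 15:48:25 m-31766-00067 <alice@gmail.example> to: bob@rcpt.example [scoring] spf_result:neutral;
Oct-03-11 15:49:02 m-31766-00068 <carol@partner.example> to: bob@rcpt.example [scoring] spf_result:neutral;
Oct-03-11 15:50:11 m-31766-00069 <dave@gmail.example> to: bob@rcpt.example [scoring] spf_result:pass;
Oct-03-11 15:51:40 m-31766-00070 <erin@gmail.example> to: bob@rcpt.example [scoring] spf_result:softfail;
"""

LINE_RE = re.compile(
    r"(?P<id>m-\d+-\d+) <(?P<sender>[^>]*)> to:.*?spf_result:(?P<result>\w+);")

def effective_result(sender, result, strict_re):
    """Senders matching the strict regex get softfail/neutral/none turned into fail."""
    if strict_re and result in DOWNGRADED and strict_re.search(sender):
        return "fail"
    return result

def evaluate(log_text, strict_pattern=None):
    """Return {message id: (raw result, effective result, disposition)}."""
    # Case-insensitive matching is an assumption of this example.
    strict_re = re.compile(strict_pattern, re.IGNORECASE) if strict_pattern else None
    out = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an SPF result line
        eff = effective_result(m["sender"], m["result"], strict_re)
        # Results outside the table (e.g. temperror) are out of scope here.
        out[m["id"]] = (m["result"], eff, BASELINE.get(eff, "unhandled"))
    return out

if __name__ == "__main__":
    for label, pattern in (("default", None), ("strict", r"@gmail\.example$")):
        print(label)
        for mid, row in evaluate(SAMPLE_LOG, pattern).items():
            print("  ", mid, *row)
```

Only senders matching the pattern change disposition; the neutral result from the non-matching domain is still accepted, and a pass is never touched.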
