Overview
There are many changes in how Kerio Connect handles SPF with SoftFail results.
By definition, Softfail (~) means that the message does not meet a domain's strict definition of legitimacy, but the domain cannot confidently state that the message is a forgery. MTAs SHOULD accept the message but MAY subject it to a higher transaction cost, deeper scrutiny, or an unfavorable score.
9.2.6 Patch 2 and earlier release
SoftFail is treated as Pass
9.2.7 and 9.2.7 Patch 1-3
The logic to handle Softfail with these versions is as follows:
- If the Action for HardFail is configured as Log only or Add spam score - do the same to SoftFail
- Otherwise, apply the Spam rating Tag score
9.2.8 and 9.2.8 Patch 1
Kerio Connect will apply the Spam rating Tag score to emails with SPF SoftFail results.
Here is an example of a header. On this case, the Tag score set in Configuration>Spam Filter>Spam Rating tab is 5 and it's applied to the email with Soft Failure SPF results.
X-Spam-Status: Yes, hits=5.0 required=5.0
tests=SPF: 5.00 - Soft Failure, TOTAL_SCORE: 5.000
9.2.9 and above
Kerio Connect will no longer apply the Tag score but will only add +1 to the total Spam score. See below sample headers.
X-Spam-Status: No, hits=1.3 required=5.0
tests=SPF: 1.00 - Soft Failure, HTML_MESSAGE: 0.001, XPRIO: 0.299,
TOTAL_SCORE: 1.300,autolearn=no