Hi Julian,
I think the difference its a genuine spam mail servers are out there, as in they would pass SPF validation and you would get a spam in your inbox.
Yet, this is my experience so far with spam. I started my mail server setup in mind to configure Greylisting, and once I came to it, I decided to drop it down. I just found it unnecessary with SpamAssassin and Pyzor scanning along with EXIM DNS black lists test, DANE, DKIM, SPF, DMARC and ARC validation. Whenever any of these validation measures fails, I add unique relevant “ could be spam " header, and use pigeonhole to rewrite subject and forward it to spam folder. I get very rarely spam emails, and if I do, I know what kind of failure it ended up with in spam, mostly marked spam content from SA or DKIM, SPF and recently ARC verifying fails.
Note, if you were to integrate SA, it has learn and train feature, you can run it on your existing inbox as well as spam folders, and it gathers information from and uses to make better decision rules when scanning future emails.
I hope this come helpful to you in deciding if you want to consider dropping GL in the first place and rely on the rest.
Good luck.
Zakaria.
> On 11 Mar 2022, at 11:37, Julian Bradfield via Exim-users <exim-users@???> wrote:
>
> I wonder if any of you have done any analysis of how much spam email
> is SPF-valid?
>
> For many years, one of my main spam defences has been a reasonably
> aggressive greylisting strategy. This works well at never seeing the
> spam from the "fire-and-forget" spambots, but it has the downside of
> occasionally delaying genuine mail by a few minutes (or up to an hour,
> depending on the sending MTA's retry strategy), which is particularly
> annoying when the genuine mail is sending me a one-time code.
>
> Of course, the greylisting doesn't work on any spambot that works like
> a real MTA and retries.
>
> So I was wondering what difference it would make if I exempted
> SPF-valid mail from greylisting. Does one see lots of fire-and-forget
> but SPF-valid spam?
>
> (And the reason I'm asking rather than measuring is that I would have
> to go to the trouble of setting up SPF - I run Debian, and haven't yet
> found the need to switch to stock Exim where SPF is a simpler setup.)
>
> Julian.
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
