Hello,
I am only using SPF, DKIM and DMARC information to up points in my spamassassin (there are too many badly configured SPF sites around, and they most of the time are not DNSSEC-secured). In general, SPF/DMARC alone is not enough to mark as spam in my opinion.
However, someone reported the following issue with Sunrise: apparently they are lacking at least ONE of their webmail SMTP senders in their SPF records: 195.141.178.228 for example.
dplanet.ch descriptive text "v=spf1 mx include:spf.sunrise.ch -all"
spf.sunrise.ch descriptive text "v=spf1 ip4:195.141.178.100 ip4:195.141.178.101 ip4:195.141.178.220 ip4:195.141.178.221 ip4:195.141.178.223 ip4:195.141.178.229 ip4:195.141.178.94 ip4:195.141.178.95 ip4:195.141.178.96 ip4:195.141.178.71 ip4:195.141.178.199 ip4:195.141.178.74 195.141.178."
It especially may break dplanet.ch senders as their DMARC policy is quarantine (sunrise's is none). Gmail was for example reporting random problems depending on the sunrise sender (webmail) SMTP IP address:
ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of innocent-buddy@dplanet.ch designates 195.141.178.229 as permitted sender) smtp.mailfrom=innocent-buddy@dplanet.ch; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=dplanet.ch
ARC-Authentication-Results: i=1; mx.google.com; spf=fail (google.com: domain of innocent-buddy@dplanet.ch does not designate 195.141.178.228 as permitted sender) smtp.mailfrom=innocent-buddy@dplanet.ch; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=QUARANTINE) header.from=dplanet.ch
Sunrise end-user support did not seem to notice yet, so if someone around here has better / direct contact, it would be handy.
Have a nice week-end anyway.