On Sunday 31 October 2004 04:15, John Levine wrote:
The amount of mail going through SPF tests is still small, and only a few
aggressively wacky sites block mail that fails SPF.
With the release of SA3.0, this is likely changing.
Small amount of mail tested, or few wacky sites? Both, I suppose.
If people really are doing tests of SPF or Sender ID or other similar
schemes, I'd be most interested in hearing about the results,
particularly numbers of how much legit mail is tagged valid or
invalid, how much spam is tagged valid or invalid, and how spammers
are adapting/ Ciphertrust says they've seen more spam than good mail
pass SPF checks. That doesn't surprise me, but their numbers were so
small that I'd like to see some confirmation.
I've got an SPF setup running at the moment - not a high traffic site - around
4k messages per day.
The results I'm seeing are something like:
85% - No Record
5% - Hard Fail - Breached record
10% - SoftFail
Of the hard fails none are legit - I'm actually bouncing on hard fail.
So far, all of the SoftFails have been eBay Phishes - I have my system set up
to make sure that softfails get through, but get hammered through every evil
that SpamAssassin and DSPAM can do to them.
Now, granted that I have SPF as a last layer behind a couple of DNSBLs,
numerous header and body checks and Greylisting, but I'd have expected
something to have managed to get through that was handled in a non-optimal
manner - so far nothing.
If Mind over Matter is a Matter of Course
Does it Matter if Nobody Minds?