On Thu, 26 May 2005, Andrew Newton wrote:
OK, 85%. Is that better? Still beats the 80/20 rule easily. How much
mail is not sent directly from the sending ISP to the destination ISP.
For AOL it is a small number.
So why aren't more people publishing very assertive SPF records ending in
-all and why aren't more people only accepting mail that has a PASS?
85% of email traffic (percent counted based on single messages) may well
be < 50% of email senders (percent counted based on individual authors)
and may be < 10% of email sender domains (percent counted based on domains
of individual senders).
Its that last number that is likely to be crucial because the first 2
numbers involve people user communicates with most often or who are on
the same net and those are likely to already be on their whitelist (if
they have it), but user does not expect mail from others to be rejected
or otherwise such user would already be using whitelisting-only setup.
Like Carl, I use SPF but not in the manner prescribed by the SPF documents.
Unless I'm mistaken, you use it exactly in the manner prescribed by the EHLO
part of the spec, you're just downgrade results from MAILFROM check.
As I said long ago, EHLO should be totally separate document with separate
recommendations about its use (like CSV) and separate recommendations about
setting up records (because records should be a lot more precise and consist
of one or couple of "a" instead of entire ip blocks and includes).
And for each scope like EHLO it should be up to receiver if it wants to
use just one scope or several in combination with optional document
that is available describing guidelines for doing combined checks.
I think there would be fewer detractors of SPF if more emphasis were placed
on the "Framework" portion of the spec.
Sure, I'd love to get started on the "Framework" (aka UnifiedSPF), if only
we did not have well known political factors distracting us from the work.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net