ietf-mailsig

Re: costs of different approaches

2004-10-07 09:43:57

In 
<Pine(_dot_)LNX(_dot_)4(_dot_)58(_dot_)0410070907590(_dot_)8898(_at_)snoopy(_dot_)smi(_dot_)sendmail(_dot_)com>
 Rand Wacker <rand(_at_)sendmail(_dot_)com> writes:

On Thu, 7 Oct 2004, wayne wrote:

In 
<Pine(_dot_)LNX(_dot_)4(_dot_)58(_dot_)0410061129590(_dot_)7769(_at_)snoopy(_dot_)smi(_dot_)sendmail(_dot_)com>
 Rand Wacker <rand(_at_)sendmail(_dot_)com> writes:

I agree and have seen similar estimates to everything you say Carl, but
it's important to note that without infrastructure upgrades then you can't
reliably reject mail that *fails* an SPF or SID check without causing a
false positive rate of nearly 20%

Can you provide any data to back up this 20% false-positive claim?

It was a corollary to the 80% direct-mail number that Carl was talking
about.

You might want to re-read what Carl wrote.  He said "But I also
believe that 80% of the mail AOL receives is A) One Hop today
B) Would pass SPF and SenderID type path checks"

Just because an email is multi-hop doesn't mean that it would fail SPF
checks.  A domain owner that knows that it sends a lot of email
through channels where SPF checks would fail will likely not publish
SPF records that can cause a FAIL result (e.g. use ?all instead of
-all).

You also say that you have seen similar estimates, you dropped the
qualification that Carl used (the "believe" part), and Carl's message
did not provide any data.


To give a *very* quick sample of data, in the last 90 days, I have
received 377 emails to my personal inbox, of which, 111 give SPF pass
(29%), and 9 give SPF fail (2%).  Of those 9 that fail, one has since
fixed their SPF record, 7 came from one source, and one came from
another when he was using an Internet cafe.

2% is still *way* too high for most people to reject on, but it is far
lower than the 20% claimed.


-wayne
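
Added example, not part of the original message: a simplified SPF evaluator showing the point about ?all versus -all, where the same multi-hop delivery gives "fail" under one record and "neutral" under the other. The records, addresses (documentation ranges) and function names are constructed for illustration, and only the ip4/ip6 and all mechanisms are handled.

```python
import ipaddress

# SPF qualifier prefix -> result returned when the mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_eval(record, client_ip):
    """Evaluate a simplified SPF record against the connecting IP.

    Supports only ip4/ip6 and all; anything else raises ValueError,
    because a, mx, include, etc. need DNS lookups not modelled here.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qual, mech = "+", term          # default qualifier is "+"
        if term[0] in QUALIFIERS:
            qual, mech = term[0], term[1:]
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":               # always matches
            return QUALIFIERS[qual]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual]
            continue
        raise ValueError("unsupported SPF term: " + term)
    return "neutral"                    # nothing matched, no "all"


def reject_on_fail(result):
    """Receiver policy under discussion: reject only on an SPF fail."""
    return result == "fail"


# Constructed sample data (hypothetical domain, documentation addresses).
DIRECT = "192.0.2.10"         # the domain's own outbound host (one hop)
FORWARDER = "198.51.100.25"   # third-party relay (multi-hop delivery)
STRICT = "v=spf1 ip4:192.0.2.0/24 -all"
LENIENT = "v=spf1 ip4:192.0.2.0/24 ?all"

if __name__ == "__main__":
    for label, rec in (("-all", STRICT), ("?all", LENIENT)):
        for hop, addr in (("direct", DIRECT), ("forwarded", FORWARDER)):
            res = spf_eval(rec, addr)
            print(label, hop, res, "reject" if reject_on_fail(res) else "accept")
```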

