In
<Pine(_dot_)LNX(_dot_)4(_dot_)58(_dot_)0410070907590(_dot_)8898(_at_)snoopy(_dot_)smi(_dot_)sendmail(_dot_)com>
Rand Wacker <rand(_at_)sendmail(_dot_)com> writes:
On Thu, 7 Oct 2004, wayne wrote:
In
<Pine(_dot_)LNX(_dot_)4(_dot_)58(_dot_)0410061129590(_dot_)7769(_at_)snoopy(_dot_)smi(_dot_)sendmail(_dot_)com>
Rand Wacker <rand(_at_)sendmail(_dot_)com> writes:
I agree and have seen similar estimates to everything you say Carl, but
its important to note that without infrastructure upgrades then you can't
reliably reject mail that *fails* an SPF or SID check without causing a
false positive rate of nearly 20%
Can you provide any data to back up this 20% false-positive claim?
It was a corrolarly to the 80% direct-mail number that Carl was talking
about.
You might want to re-read what Carl wrote. He said "But I also
believe that 80% of the mail AOL receives is A) One Hop today
B) Would pass SPF and SenderID type path checks"
Just because an email is multi-hop doesn't mean that it would fail SPF
checks. A domain owner that knows that it sends a lot of email
through channels where SPF checks would fail will likely not publish
SPF records that can cause a FAIL result (e.g. use ?all instead of
-all).
You also say that you have seen similar estimates, you dropped the
qualification that Carl used (the "believe" part), and Carl's message
didn't not provide any data.
To give *very* quick sample of data, in the last 90 days, I have
received 377 emails to my personal inbox, of which, 111 give SPF pass
(29%), and 9 give SPF fail (2%). If those 9 that fail, one has since
fixed their SPF record, 7 came from one source, and one came from
another when he was using an Internet cafe.
2% is still *way* too high for most people to reject on, but it is far
lower than the 20% claimed.
-wayne