ietf-mxcomp

Re: Adoption of MARID, SPF and alternatives and thoughts on cost

2004-05-12 20:45:36

In <40A2DEA3(_dot_)2040301(_at_)elvey(_dot_)com> Matthew Elvey 
<matthew(_at_)elvey(_dot_)com> writes:

You are one of the small minority of SPF adopters who's been able to
publish a -all.

Uh, the vast majority of SPF records that I know of publish -all.

(Anyone have stats?)

Yes, I posted the following information about 6 weeks ago.  Besides
noting how many domains publish restrictive SPF records (e.g. -all),
I think it would also be a good idea to note how common things like
the mx: mechanism are.


On May 30 2004 in 
<x4d66tonze(_dot_)fsf(_at_)footbone(_dot_)midwestcs(_dot_)com> wayne
<wayne(_at_)midwestcs(_dot_)com> writes:


As many may know, there is an "SPF Adoption Roll" that domain owners
can sign up with, if they want to.  These adoption rolls are
notoriously incomplete and unrepresentative, but they often provide
the only available data.


A while ago, I took a copy of the adoption roll and used it for SPF
testing.  Here is a very rough breakdown of how domain owners say to
handle IP addresses that they haven't explicitly listed:

8362 domains total
7018 domains say to reject other IPs as a default
 906 domains say to give neutral/unknown results as a default
 404 domains say to give softfail results as a default
  30 domains say to accept other IPs as a default

These numbers don't quite add up.  I suspect that is both because my
greps weren't quite right and because some have created SPF records
that specify more than one default.


The ten most popular SPF records are:

1  1097 v=spf1 mx -all 
2   804 v=spf1 ip4:a.b.c.d/32 ip4:a.b.c.d/32 a ptr mx -all 
3   463 v=spf1 a mx ptr -all 
4   429 v=spf1 a mx -all 
5   325 v=spf1 -all 
6   306 v=spf1 a -all 
7   171 v=spf1 +exists:CL.%{i}.FR.%{s}.HE.%{h}.null.spf.example.com -all 
8   131 v=spf1 include:example.org ~all 
9   131 v=spf1 a mx ?all 
10  130 v=spf1 ?all 

(I've slightly munged the above to preserve the privacy of the SPF
adoption roll participants.)

The second most popular SPF record in the adoption roll is an example
of how one specialized web hosting company that decides to add SPF
records for all(?) of their clients can skew the results of the
adoption roll.  Actually, the same goes for numbers 7 and 8.


Still, the most popular SPF record is widely used by many different
organizations.  It tells us that any LMAP system that can't easily
express that the incoming mail exchanges match up with the outgoing
mail exchanges is going to be a burden for a lot of people.  The
number of SPF records with -all in them shows that a lot of people are
willing to reject email from all but a very small set of IP
addresses.  Number 5 says that many domains don't send email at all
and thus all email using their domain names is spoofed.

There are 204 SPF records on the adoption roll that use the exists:
mechanism with a macro variable, so a non-trivial number of domain
owners want something more complex than a simple list of IP
addresses.


-wayne
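
The default-result breakdown in the message above can be tallied by parsing each record's terms instead of grepping for "all". This is an added example, not part of the original message or the commands its author ran; the function names and the sample records are constructed for illustration. It counts a record under its first `all` mechanism and separately flags records that specify more than one default.

```python
from collections import Counter

# Qualifier prefix -> default result for IPs the record does not list.
QUALIFIERS = {"+": "accept", "-": "reject", "~": "softfail", "?": "neutral"}

def all_defaults(record):
    """Return the result of every 'all' mechanism in an SPF record, in order."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None                      # not an SPF record
    found = []
    for term in terms[1:]:
        qualifier, name = "+", term      # a bare mechanism implies '+'
        if term[0] in QUALIFIERS:
            qualifier, name = term[0], term[1:]
        # Match the mechanism name exactly, so include:all.example.org
        # or a:all.example.net are not miscounted as defaults.
        if name.lower() == "all":
            found.append(QUALIFIERS[qualifier])
    return found

def tally(records):
    """Count records per default; terms are evaluated left to right, so the first 'all' decides."""
    counts = Counter()
    for record in records:
        found = all_defaults(record)
        if found is None:
            counts["not-spf"] += 1
        elif not found:
            counts["no-default"] += 1    # no 'all': falls through to neutral
        else:
            counts[found[0]] += 1
            if len(set(found)) > 1:
                counts["multiple-defaults"] += 1
    return counts

# Constructed sample records (example.* names), not taken from the adoption roll.
SAMPLE = [
    "v=spf1 mx -all",
    "v=spf1 -all",
    "v=spf1 include:example.org ~all",
    "v=spf1 include:all.example.org ?all",
    "v=spf1 mx ~all -all",
    "v=spf1 a mx",
    "v=spf1 +all",
]

if __name__ == "__main__":
    print(dict(tally(SAMPLE)))
```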