----- Original Message -----
From: "David Woodhouse" <dwmw2(_at_)infradead(_dot_)org>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Wednesday, December 15, 2004 11:56 AM
Subject: Re: [spf-discuss] Re: Security Wire Perspectives mentions SenderID
On Wed, 2004-12-15 at 07:20 -0500, Hector Santos wrote:
Obvious SPF was in use. There were plenty of people providing SPF
stats, Wayne including myself talked about SPF stats quite often.
I've seen stats on SPF _publication_ which currently set the number of
domains publishing SPF at just over two hundred thousand¹ out of a total
of 65 million² domains -- about 0.3%.
To the nearest percentage point, that's a zero percent rate of
publication -- and that's _including_ the records with '?all' and the
ones which say just '-all' because they send no mail. It may also be
including multiple subdomains too; I'm not sure.
Point taken, but lets do a Rummy here:
In the total picture, SPF is still negliable?
Sure! It is! We pointed that out MANY times!
Is 200K is enough to gain statistical information?
Absolutely! I think so!
Is using over a lengthy time adds weigth to any accumulated statistics?
Yes! Why not?
Is it enough to say "No one has actually tried out SPF or Sender ID or
anything else?"
Of course not!
Does the growth of SPF over anything suggest that does have some VALUE?
You bet!
Can SPF be viewed a "Social Network Solution?"
I tend to believe it is!
Does this mean that your statistics are higher on your most active
relationships vs open ended anonynmous senders?
You bet!
Does this means SPF including all LMAP solutions will have a high overhead
on open-ended anonymouse senders?
You can sleep like a baby! Absolutely!
That's not even the most interesting statistic though --
I'd be more interested in a figure on the number of people who are
actually _rejecting_ mail due to SPF failures.
Does anyone have statistics on that?
Sure, we have for over 1 year!
See the "Anti-spam Statistics" (left side menu item) at
http://www.winserver.com/sslinfo
David, this is not the first time statistics have been posted. If a few
people wish to pick and choose what they want to read, hey, I guess, you
can' t do anything about that but shake your head.
Yes, the more detail breakdowns need more explanations. The numbers you see
are rejections.
In regards to SPF, I will explain this month (use the second table),
So far, there were 110 rejections based on SPF, 25 based on CEP.
Now, absolutely, that is VERY negliable part of the total rejection factors.
But you need to look at it at how many MAKE it to each stage.
Since we do a delay validation, White/Black and RBL before SPF, we reject a
high 80-95% before it even makes to LMAP considerations, DMP, SPF, CEP.
Also, by far, there is a learning process of "Social Networking" here.
Most of our legit contacts are customers (other WCSMTP operators), hence
they are probably using SPF as well or have our WCSAP installed as well. So
we validate them pretty fast with SPF or another way.
Also note we use a CBV system as well as a final check, it passes everything
else.
Now, what about false positives?
Well, I believe at this time, the best one can do is get the effective of
your system is to base it the level of complaints you get.
Spammers will not complaint. Legit systems will report a problem. I can
assure you if the mail is being rejected, we hear it. Fortunately, this is
very rare support issue. But we do get it here and there, and ironically its
usually points to an incorrect setup issue. Nothing to do with the
unreliability of it.
Now what about forwarding problems?
Well, of course, it is a real issue and possibility. We have YET to see it
be a big issue for us. I guess that means that MOST legit systems are
sending direct and those systems that are forwarding, if it happens to
result in a SOFTFAIL or NEUTRAL, well, it comes in or its passed or rejected
with the CBV. In other words, the FP are not an issue.
Finally, we have thousands of systems running our system. We did an early
stats comparison with a selected group. The numbers were all basically the
same.
Sincerely,
Hector Santos, CTO
Santronics Software, Inc.
http://www.santronics.com
305-431-2846 Cell
305-248-3204 Office
--
dwmw2
¹ http://spftools.net/register.php
²
http://www.verisign.com/verisign-inc/news-and-events/news-archive/us-news-20
04/page_015910.html
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper! http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com