I have gotten two responses from recipients of my controversial forgery
warning DSN. Both actually read the warning. One emailed to assure
me that they really did send it (which at least tells me I can add
a temporary local SPF record for them). The other CCed me after sending
it to their email provider. The rate has been steady at about 100 DSNs
sent per 10000 incoming emails. A total of around 400 have been sent.
I've received several automatic replies to the DSNs (an RFC no-no), but it is
difficult to tell which software is to blame just from the email headers. For
instance, Microsoft SMTP is mentioned in the headers of one reply, but
several experts here say that MS does that part right, and some intervening
MTA must be to blame.
The web site I mention in the DSN is http://spfhelp.net
On the "Other protocols" page, it should mention SES.
I like that fact that it lists Sender-ID as an "Other protocol". I
think it ought to mention which part of the email each other protocol
validates. Many of the other protocols are complementary to SPF,
either by validating other parts of an email (Sender-ID, DK) or
by validating the return path by independent means (SES) - making
the combination more robust than either alone.
It is amazing that an office with 4 mail users would get the volume
of incoming mail that we do. However, it means I don't have to wait
long when testing new milter code :-)
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.