spf-discuss

Re: SPFv1 record failure cases

2005-07-21 12:10:47
wayne writes:
As I mentioned in my post about the Email Auth Summit, Harry
does not know of any "significant" cases where the re-use of SPFv1
records fail.


I would like to generate a list of all cases where the re-use is an
actual problem.  While I'm not concerned if the cases meet MS's
definition of "significant", I am very interested in actual data on
the size of the problem.  Where, "size" could be the percentage of
email or the number of domains, or whatever.


Please send in your list.

I've been reluctant to bring this up, because I don't like it.
However, in the long run it's better to deal with things as they are,
not as I'd like them to be, and since you asked ...

I run sendmail's sid-milter.  It does both SPF "classic" checks and
Sender-ID checks.  By default it uses v=spf1 records only, for both
checks, and I ran it that way for weeks.

It logs the result of each check, so I have thousands of log entries
reporting both checks.  1000 messages for which SPF or Sender-ID
yielded a definitive pass or fail would typically include only about
10-20 for which they disagreed.  When they did, the one saying "pass"
was nearly always right.

My mail system rejects most spam before messages reach milter
processing.  The results for all mail including spam might be very
different.

While fixing some bugs in sid-milter, I modified it to run the way I
want it to.  As I now run it, the PRA check does not use v=spf1
records.

BTW, now more than a third of the mail getting to my milters (i.e., the
mostly-legitimate mail) is from domains with SPF records.

--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com 
Gatekeeper, NetHeaven, Saratoga Springs, NY
Saratoga/Albany/Amsterdam/GlensFalls/Greenwich/NorthCreek/SaranacLake
    Oldest Internet service based in the Adirondack-Albany region