Ok, so my question is: Is anyone actually doing PRA checks?
Would others be willing to add a similar tracking exists: on their
records and see if they get the same results?
-wayne
We have had it running for a long time. Here are the stats.
"spf2.0/pra -exists:praI.%{i}.F.%{l}.%{o}.H.%{h}.spf.msen.net ?all"
1,086 checks of spf2.0/pra over 35 days. Of those, 97 were valid
and consisted of 5 email addresses that sent mail repeatedly.
The other 989 emails consisted of 128 forged email addresses.
Most were once or twice, but a couple of addresses were used
by zombies each once, but adding up to hundreds of times total.
Amazingly, only 6 forgeries and 1 zombie/virus attempted to send
from the same IP/HELO to the same destination more than once.
259 DNS servers were used.
As for the spf1 records:
"v=spf1 a ip4:148.59.19.0/24 ip4:139.171.64.9 ip4:148.59.80.48/29
exists:%{l}.%{o}.spf.msen.net
exists:I.%{i}.F.%{l}.%{o}.H.%{h}.spf.msen.net -all"
24,789 checks of spf1 over 35 days that had made it to the final
exists: before the -all. Anything matching the a: or ip4: was not
logged. The pra check above logs all, this logs only failures.
To find full usage of SPF, I would have move the exists: clause
to the beginning of the line increasing load for everyone. I am
not ready to do that unless somebody needs more firm statistics.
1,711 forged email addresses checked a total of 24,789 times.
1,960 DNS servers were used.
-Mike Elliott