spf-discuss
[Top] [All Lists]

Re: Is anyone doing PRA checks?

2005-07-25 13:25:34
Ok, so my question is:  Is anyone actually doing PRA checks?

Would others be willing to add a similar tracking exists: on their
records and see if they get the same results?


-wayne

We have had it running for a long time.  Here are the stats.
"spf2.0/pra -exists:praI.%{i}.F.%{l}.%{o}.H.%{h}.spf.msen.net ?all"

1,086 checks of spf2.0/pra over 35 days.  Of those, 97 were valid 
and consisted of 5 email addresses that sent mail repeatedly.  
The other 989 emails consisted of 128 forged email addresses.
Most were once or twice, but a couple of addresses were used 
by zombies each once, but adding up to hundreds of times total.  
Amazingly, only 6 forgeries and 1 zombie/virus attempted to send 
from the same IP/HELO to the same destination more than once.
259 DNS servers were used.

As for the spf1 records: 
"v=spf1 a ip4:148.59.19.0/24 ip4:139.171.64.9 ip4:148.59.80.48/29
 exists:%{l}.%{o}.spf.msen.net 
 exists:I.%{i}.F.%{l}.%{o}.H.%{h}.spf.msen.net -all"

24,789 checks of spf1 over 35 days that had made it to the final 
exists: before the -all.  Anything matching the a: or ip4: was not 
logged.  The pra check above logs all, this logs only failures.
To find full usage of SPF, I would have move the exists: clause
to the beginning of the line increasing load for everyone.  I am
not ready to do that unless somebody needs more firm statistics.
1,711 forged email addresses checked a total of 24,789 times.
1,960 DNS servers were used.

-Mike Elliott