spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] Re: Appeal: Publication of draft-lyon-senderid-core-01 in conflict with referenced draft-schlitt-spf-classic-02

2005-12-09 15:51:09
from [Michael Elliott] [Permanent Link] 
Frank Ellermann <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> wrote:

Michael Elliott wrote:

 [FAIL results for mail claiming to be from you]

these numbers are to be taken as anecdotal.


Still interesting...
 

DNS servers querying v=spf1 records:      5216
DNS servers querying spf2.0 records:       828
DNS servers querying only spf2.0 records:  152
   doing the math, servers checking both:  676


...the "only spf2.0" are apparently PRA-only checks getting
the "opt out" idea right (as specified in senderid-core)

Or rather, they would get it right, your PRA is not a strict
"opt out", for "a mx" you offer a PASS.  But 152 is more than
Wayne's zero 20 weeks ago.

For the 676 doing both we can also hope that there's only one
reason to check spf2.0/pra after v=spf1, because they did not
abuse v=spf1 for PRA.  Of course we don't know what they'd do
if there is no spf2.0/pra.


the other guys are catching up in usage.


Yes, 16% is more than I expected.  Bye, Frank


I went back and did some spot checking via timestamps.
        *Those numbers are flawed.*

Most servers that are checking spf2.0 records are not checking the 
corresponding v=spf1 records either immediately before or after
the spf2.0 check.  So the doing the math line is bad. 
That line is actually DNS servers who have clients doing v=spf1 
checks and different clients doing spf2.0 checks.   The line 
querying only spf2.0 records stands out even more.

So, yes, if there is an opt out spf2.0 record, it will be read
first and processed by most spf2.0 implementations.  

It appears that only one implementation is bahaving badly, and it 
is somewhat identifiable.  It squashes the queries to lower case, 
and checks v=spf1 first sometimes.  The software appears to have 
about 5% of the spf2.0 market share and generated about 1.3% of 
the spf2.0 queries.

Should I go pestering postmasters to see which software package
this is?

-Mike Elliott

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [spf-discuss] Re: Appeal: Publication of draft-lyon-senderid-core-01 in conflict with referenced draft-schlitt-spf-classic-02, Frank Ellermann
Next by Date:  [spf-discuss] Re: Appeal: Publication of draft-lyon-senderid-core-01 in conflict with referenced draft-schlitt-spf-classic-02, Frank Ellermann
Previous by Thread:  [spf-discuss] Re: Appeal: Publication of draft-lyon-senderid-core-01 in conflict with referenced draft-schlitt-spf-classic-02, Frank Ellermann
Next by Thread:  [spf-discuss] Re: Appeal: Publication of draft-lyon-senderid-core-01 in conflict with referenced draft-schlitt-spf-classic-02, Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]