Frank Ellermann <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> wrote:
Michael Elliott wrote:
[FAIL results for mail claiming to be from you]
these numbers are to be taken as anecdotal.
Still interesting...
DNS servers querying v=spf1 records: 5216
DNS servers querying spf2.0 records: 828
DNS servers querying only spf2.0 records: 152
doing the math, servers checking both: 676
...the "only spf2.0" are apparently PRA-only checks getting
the "opt out" idea right (as specified in senderid-core)
Or rather, they would get it right, your PRA is not a strict
"opt out", for "a mx" you offer a PASS. But 152 is more than
Wayne's zero 20 weeks ago.
For the 676 doing both we can also hope that there's only one
reason to check spf2.0/pra after v=spf1, because they did not
abuse v=spf1 for PRA. Of course we don't know what they'd do
if there is no spf2.0/pra.
the other guys are catching up in usage.
Yes, 16% is more than I expected. Bye, Frank
I went back and did some spot checking via timestamps.
*Those numbers are flawed.*
Most servers that are checking spf2.0 records are not checking the
corresponding v=spf1 records either immediately before or after
the spf2.0 check. So the doing the math line is bad.
That line is actually DNS servers who have clients doing v=spf1
checks and different clients doing spf2.0 checks. The line
querying only spf2.0 records stands out even more.
So, yes, if there is an opt out spf2.0 record, it will be read
first and processed by most spf2.0 implementations.
It appears that only one implementation is bahaving badly, and it
is somewhat identifiable. It squashes the queries to lower case,
and checks v=spf1 first sometimes. The software appears to have
about 5% of the spf2.0 market share and generated about 1.3% of
the spf2.0 queries.
Should I go pestering postmasters to see which software package
this is?
-Mike Elliott
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com