Michael Elliott wrote:
DNS servers querying v=spf1 records: 5216
DNS servers querying spf2.0 records: 828
DNS servers querying only spf2.0 records: 152
doing the math, servers checking both: 676
[...]
the other guys are catching up in usage.
Yes, 16% is more than I expected.
I went back and did some spot checking via timestamps.
*Those numbers are flawed.*
Okay, so the 676 are name servers used by all kinds of
clients, v=spf1, spf2.0, and mixtures.
But "16% of SPF queries not resulting in PASS are spf2.0
queries" (from your POV) should still hold, rounded it's
(828*100) / (5216+152) = 15.424739, not using the 672.
It's a bit skewed because there are more chances to get
an SPF-PASS with your policy records. OTOH receivers
rejecting SPF FAIL might never try PRA (?)
So, yes, if there is an opt out spf2.0 record, it will be
read first and processed by most spf2.0 implementations.
That's good for the new "IESG note" and for those willing
to play along with "opt out" schemes.
It appears that only one implementation is bahaving badly,
and it is somewhat identifiable. It squashes the queries
to lower case, and checks v=spf1 first sometimes.
How do you define "badly" ? With your records you can only
see well-behaved implementations wrt "opt out". Or do you
use different local parts in MAIL FROM and PRA ?
Should I go pestering postmasters to see which software
package this is?
I'm not sure. The SPF spec. allows mixed case labels with
all printable ASCII characters plus space (as %_) excl. dot.
Bye, Frank
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com