spf-discuss
[Top] [All Lists]

Re: [spf-discuss] SPF -all domain survey

2007-12-10 08:02:55
On Mon, Dec 10, 2007 at 08:30:14AM +0000, Greg Hewgill wrote:
A few days ago I got curious about the number of domains that actually
use -all at the end of their SPF recods. I gathered some sources of
domain names, and set up a web site to track it all: http://spf-all.com

I am still in the process of loading domains. The text on the main page
(the counters and lists) currently updates every hour.

If you have any suggestions for content or presentation or new sources
for domain names (see the About page), please let me know!

You wrote "... and are safe from email forgery."

This is too optimistic (unfortunately).

SPF will only work if both ends of the email transaction are using it,
meaning if a receiver does not use SPF, it will just accept the email.
Quite often these are also the receivers which will accept a message,
detect a virus or spam in it, and then "return" it to the "sender".

Even if both ends are using SPF, misdirected bounces can still occur.
Yes, even when someone publishes -all.

To balance things, you may want to keep score on providers not checking
SPF records.

my 2c
Alex

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription: 
http://v2.listbox.com/member/?member_id=2183229&id_secret=74216125-275cef
Powered by Listbox: http://www.listbox.com