spf-discuss

Re: [spf-discuss] Re: [spf-help] How reliable is it to block/reject on SPF fail?

2009-11-27 06:08:41


--On 26 November 2009 19:42:05 +0000 alan <spfdiscuss(_at_)alandoherty(_dot_)net> wrote:

At 11:23 26/11/2009  Thursday, Ian Eiloart wrote:


--On 25 November 2009 17:35:29 +0000 alan <spfdiscuss(_at_)alandoherty(_dot_)net> wrote:

At 15:58 25/11/2009  Wednesday, Ian Eiloart wrote:


--On 21 November 2009 15:10:04 +0000 "G.W. Haywood" <spf(_at_)jubileegroup(_dot_)co(_dot_)uk> wrote:

Hi there,

On Sat, 21 Nov 2009, Thomas Harold wrote:

What is the current thinking on rejecting at the SMTP transaction if
you encounter an SPF fail?  Are there a lot of false positives?

As I understand it, most "-all" records are for domains that don't emit
email at all. But, they're not widely published.

if you mean "v=spf1 -all"
ie a record with no passing syntax before the -all
but if you mean records ending with -all you would be incorrect most
people with established spf have there records terminated with a -all
?all being really equivalent to not having any restriction on
forgery/spf-non-believer ~all being a little better but still
effectively saying you want the receiver to consider accepting
forgeries also {but possibly via spam-folder}

Not according to the only stats that I've seen on the matter. They say
9.9% of domains publish SPF, 46.8% of those publish "-all" records, and
70.2% of those are "v=spf1 -all".

For those with "v=spf1 -all" everyone would agree that it can never be
wrong to reject the email, surely? For the other 29.8%, you should still
respect the publisher's policy, but that might result in rejecting
wanted email. Minimise those false positives by allowing your recipient
users to whitelist their forwarders.

I'm not seeing where you disagree with my point here {that -all doesn't
equate to doesn't emit email, only v=spf1 -all does that but I agree that
few are using -all and ~all records and thus most publishing spf, are not
actually using it for its designed purpose of limiting/stopping forgery
{they are using it to say mail that passes IS good, mail that fails...
treat it like it has no SPF {ie take it too}

Perhaps I misunderstood you. I thought you were reading me as saying "most use of 'v=spf1 -all' is for domains that don't emit mail". Perhaps I should have said "most domains with '-all' use 'v=spf1 -all' records, to indicate that they don't emit mail".

But, I think you're claiming that most domains use "-all", whether they emit mail or not. That's not true according to spf-all.com. They say that most domains don't use spf. Among domains that use SPF, 53.2% don't use "-all" at all, 32.9% use "v=spf1 -all", so only 14% use "-all" AND emit email. Alternatively, of email emitting domains that use SPF, only about 20% use "-all" - assuming that all spf users that aren't using "-all" do actually emit email.

It would be easier to follow what you are saying if you used some punctuation. At least so we know where one sentence begins, and the next ends. However, I think maybe you have a typo in "most people with established spf have there [sic] records terminated with a -all [sic]". I think you meant "their", and "~all", perhaps?

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
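
Added example, not part of the thread or any poster's code: a Python sketch that separates the bare "v=spf1 -all" record from records that list senders and then end in "-all", "~all" or "?all", and computes the four shares the message above argues about. The category names, the `SAMPLE` records and the rule that only "+" mechanisms count as "passing syntax" are assumptions made for illustration.

```python
import re
from collections import Counter

MODIFIER = re.compile(r"[a-z][a-z0-9._-]*=")   # redirect=, exp=, unknown modifiers
ALL_RESULT = {"+": "pass_all", "-": "hardfail", "~": "softfail", "?": "neutral"}

def classify_spf(record):
    """Classify a TXT record by what it says about senders it does not list."""
    terms = record.strip().lower().split()
    if not terms or terms[0] != "v=spf1":
        return "not_spf"
    passing = 0                       # "+" mechanisms seen before "all"
    for term in terms[1:]:
        if MODIFIER.match(term):
            continue                  # modifiers never match a sender
        qualifier, name = (term[0], term[1:]) if term[0] in ALL_RESULT else ("+", term)
        if name == "all":             # "all" always matches; later terms are ignored
            if qualifier == "-" and passing == 0:
                return "null_sender"  # e.g. "v=spf1 -all": nothing can pass
            return ALL_RESULT[qualifier]
        if qualifier == "+":
            passing += 1
    return "no_all"                   # no "all" term (for example redirect= only)

def summarize(records):
    """Shares discussed in the thread, as fractions of SPF-publishing domains."""
    counts = Counter(classify_spf(r) for r in records)
    spf = sum(n for kind, n in counts.items() if kind != "not_spf")
    dash_all = counts["null_sender"] + counts["hardfail"]
    emitting = spf - counts["null_sender"]  # assumes every other publisher emits mail
    return {
        "dash_all_of_spf": dash_all / spf,
        "null_of_dash_all": counts["null_sender"] / dash_all,
        "dash_all_and_emitting_of_spf": counts["hardfail"] / spf,
        "dash_all_of_emitting": counts["hardfail"] / emitting,
    }

# Constructed sample records (documentation addresses and example domains only).
SAMPLE = [
    "v=spf1 -all", "v=spf1 -all", "v=spf1 exp=explain.example.org -all",
    "v=spf1 mx ip4:192.0.2.0/24 -all", "V=SPF1 MX -ALL",
    "v=spf1 include:_spf.example.net ~all", "v=spf1 a mx ?all",
    "v=spf1 redirect=_spf.example.com",
    "google-site-verification=abc123", "v=spf10 -all",
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value:.1%}")
```
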

