spf-discuss

Re: [spf-discuss] Re: [spf-help] How reliable is it to block/reject on SPF fail?

2009-11-27 09:55:56
At 11:05 27/11/2009  Friday, Ian Eiloart wrote:


--On 26 November 2009 19:42:05 +0000 alan <spfdiscuss(_at_)alandoherty(_dot_)net> wrote:

At 11:23 26/11/2009  Thursday, Ian Eiloart wrote:


--On 25 November 2009 17:35:29 +0000 alan <spfdiscuss(_at_)alandoherty(_dot_)net> wrote:

At 15:58 25/11/2009  Wednesday, Ian Eiloart wrote:


--On 21 November 2009 15:10:04 +0000 "G.W. Haywood" <spf(_at_)jubileegroup(_dot_)co(_dot_)uk> wrote:

Hi there,

On Sat, 21 Nov 2009, Thomas Harold wrote:

What is the current thinking on rejecting at the SMTP transaction if
you encounter an SPF fail?  Are there a lot of false positives?

As I understand it, most "-all" records are for domains that don't emit
email at all. But, they're not widely published.

if you mean "v=spf1 -all"
ie a record with no passing syntax before the -all
but if you mean records ending with -all you would be incorrect most
people with established spf have there records terminated with a -all
?all being really equivalent to not having any restriction on
forgery/spf-non-believer ~all being a little better but still
effectively saying you want the receiver to consider accepting
forgeries also {but possibly via spam-folder}

Not according to the only stats that I've seen on the matter. They say
9.9% of domains publish SPF, 46.8% of those publish "-all" records, and
70.2% of those are "v=spf1 -all".

For those with "v=spf1 -all" everyone would agree that it can never be
wrong to reject the email, surely? For the other 29.8%, you should still
respect the publisher's policy, but that might result in rejecting
wanted email. Minimise those false positives by allowing your recipient
users to whitelist their forwarders.

I'm not seeing where you disagree with my point here {that -all doesn't
equate to doesn't emit email, only v=spf1 -all does that but i agree that
few are using -all and ~all records and thus most publishing spf, are not
actually using it for its designed purpose of limiting/stopping forgery
{they are using it to say mail that passes IS good, mail that fails...
treat it like it has no SPF {ie take it too}

Perhaps I misunderstood you. I thought you were reading me as saying "most use 
of 'v=spf1 -all' is for domains that don't emit mail." Perhaps I should have 
said "most domains with '-all' use 'v=spf1 -all' records, to indicate that 
they don't emit mail."

i still think we have wires crossed but its pointless i think


But, I think you're claiming that most domains use "-all", whether they emit 
mail or not.

no i will clarify all in one moment about my claims {i won't further try and 
analyse yours}

That's not true according to spf-all.com. They say that most domains don't 
use spf. Among domains that use SPF, 53.2% don't use "-all" at all, 32.9% use 
"v=spf1 -all", so only 14% use "-all" AND emit email. Alternatively, of email 
emitting domains that use SPF, only about 20% use "-all" - assuming that all 
spf users that aren't using "-all" do actually emit email.

i was saying {and assuming as understood anything with *}
most domains publish no SPF*

those few that do publish SPF do so ineffectively/uselessly {ie using ?all at 
end}*

most domains "effectively" utilising SPF that emit email use -all at the end 
{with a few doing ~all}

most domains "seen" using -all at the end are emitters of email


it is possible that vastly more domains have "v=spf -all" to block 
potential-forgeries but these are hardly ever seen and impossible to enumerate 
{in my own zone files yes they would be 15 to 1} but few  people would ever 
query/guess these host/domain-names or know their existence}

I do encourage any/every hostmaster to publish "v=spf -all" on all domains not 
used in mfrom or helo
It would be nice if this number is growing

It would be easier to follow what you are saying if you used some punctuation. 
At least so we know where one sentence begins, and the next ends. However, I 
think maybe you have a typo in "most people with established spf have there 
[sic] records terminated with a -all [sic]". I think you meant "their", and 
"~all", perhaps?

yes i admit i have no ability to spell or punctuate
 
yes i meant their
no i meant -all

but should have used a sentence instead of "established"
read established as: 
tested working and free from false positives by period of terminating with ?all
then made useful by clue-full admin by switching to -all

as opposed to the majority of SPF publishers who do not "use/utilise" SPF and 
stay in the ?all phase permanently so their passing mail gets a green light 
from SPF, while their non-passing mail {the spammers} also gets delivered 
unhindered.

if -all became more common non-srs-forwarder implementations would lessen
receivers would be pressured to allow white listing of non-srs-forwarders 
{actually whitelisting of SRS-forwarders would be necessary too for people 
offering a this-is-spam type button to users scoring sending ip reputation on 
hits}
or alternately receivers would start offering pop3 pickup from remote as a 
better alternative to forwarding {like gmail}
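
The distinction argued over in this thread, between a bare "v=spf1 -all" and a record that lists senders before "-all", "~all" or "?all", shown as an added example that is not part of the original messages. It classifies already-joined TXT strings by their `all` term and computes the share of each kind; the sample records, category names and function names are constructed for illustration.

```python
from collections import Counter

QUALIFIER_NAMES = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def classify_spf(txt: str) -> str:
    """Classify one TXT string by the policy its 'all' term expresses."""
    terms = txt.strip().split()
    # The version tag must be exactly "v=spf1"; anything else is not an SPF record.
    if not terms or terms[0].lower() != "v=spf1":
        return "not-spf"
    mechanisms_before_all = 0
    for term in terms[1:]:
        t = term.lower()
        # A missing qualifier means "+" (pass).
        qualifier, name = (t[0], t[1:]) if t[0] in QUALIFIER_NAMES else ("+", t)
        if name == "all":
            # Terms after "all" are never evaluated, so classification stops here.
            if qualifier == "-" and mechanisms_before_all == 0:
                return "null"  # "v=spf1 -all": the domain authorises no sender
            return QUALIFIER_NAMES[qualifier] + "-all"
        # Modifiers (redirect=, exp=) have "=" before any ":"; they are not mechanisms.
        if "=" not in name.split(":")[0]:
            mechanisms_before_all += 1
    return "no-all"  # falls through to redirect= or the default neutral result

def policy_shares(records):
    """Percentage of each category among the strings that are SPF records."""
    counts = Counter(classify_spf(r) for r in records)
    counts.pop("not-spf", None)
    total = sum(counts.values())
    return {k: round(100 * n / total, 1) for k, n in counts.items()} if total else {}

# Constructed sample, not measured data.
SAMPLE = [
    "v=spf1 -all",
    "v=spf1 -all",
    "v=spf1 mx ip4:192.0.2.0/24 -all",
    "v=spf1 include:_spf.example.net ~all",
    "v=spf1 a mx ?all",
    "v=spf1 redirect=_spf.example.org",
    "v=spf -all",                            # version tag typo: ignored by receivers
    "site-verification=constructed-token",   # unrelated TXT record
]

if __name__ == "__main__":
    for record in SAMPLE:
        print(f"{classify_spf(record):13} {record}")
    print(policy_shares(SAMPLE))
```
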



