Here are some of my stats that backup what Matt has
said about SPF-Pass. Almost 2/3 spam here.
I'm concerned with all the port 25 blocking and
people being forced to use the ISP mail servers, how is SPF is going to adapt to
that?
Are they going to come up with SPF-FAIL results,
which would certainly weaken that test.
Or is everyone going to play it safe and we'll end
up with lots of SPF-Unknowns which can't be scorable.
Test |
Month |
Count |
Ham |
Spam |
Unknown |
SPFFAIL |
4/1/2004 |
1443 |
8 |
1421 |
14 |
SPFFAIL |
5/1/2004 |
2268 |
25 |
2240 |
3 |
SPFFAIL |
6/1/2004 |
4006 |
126 |
3872 |
8 |
SPFFAIL |
7/1/2004 |
6100 |
30 |
6065 |
5 |
SPFFAIL |
8/1/2004 |
10215 |
66 |
10143 |
6 |
SPFPASS |
4/1/2004 |
1733 |
1688 |
30 |
15 |
SPFPASS |
5/1/2004 |
2838 |
2205 |
610 |
23 |
SPFPASS |
6/1/2004 |
2699 |
1925 |
736 |
38 |
SPFPASS |
7/1/2004 |
4173 |
2358 |
1761 |
54 |
SPFPASS |
8/1/2004 |
10268 |
3963 |
6202 |
103 |
SPFUNKNOWN |
6/1/2004 |
63247 |
6661 |
56375 |
211 |
SPFUNKNOWN |
7/1/2004 |
269416 |
29890 |
238469 |
1057 |
SPFUNKNOWN |
8/1/2004 |
318981 |
32078 |
285667 |
1236 |
----- Original Message -----
Sent: Saturday, September 11, 2004 12:03
PM
Subject: Re: [Declude.JunkMail] SPF
Records and Off-Network Customers
I believe that SPF is almost all hype and hardly any value to
speak of.
It was originally intended to authenticate hosts, but
spammers quickly caught on and started giving themselves SPF records ( http://netscape.com.com/2100-1009_22-5357269.html?part=netscape&subj=technews&tag=mynetscape
). I believe that SPF Pass will soon be primarily spam hits and that
study that I linked to said it was already 1/6 of all such
results.
Then there is the issue where many domains might use
forwarding, E-mail scripts, sites that use E-mail scripts, or any number of
different servers, meaning that most are inappropriate for anything but an
'Unknown' record. Now some administrators will claim a modicum of
usefulness to having the Unknown records, although I don't see it, and others
appreciate those that do specify their source IP's, I don't see it and let me
clearly state why. First off, it's not SPF that is scoring your E-mail,
and even some administrators around here have suggested blocking on SPF Fail
alone. So if I had a domain that had only one server to send from, but I
used an E-mail script somewhere for an inquiry to a company that blocks on SPF
Fail, I would be shooting myself in the foot. There are enough people
out there misconfiguring their SPF records, and enough people out there that
have too much confidence IMO in people setting up their own records to turn
this from a minor benefit into a less accurate than desirable solution, and it
will only get worse in time as the less aware start implementing them with a
one-click solution to limit all E-mail just to one server as far as SPF
goes. There are even administrators out there that have indicated that
they would give SPF Unknown results a score.
Personally I refuse to
implement SPF because I don't want to give less aware/experienced
administrators another tool that they can use to potentially block my
customer's legitimate E-mail. I am also somewhat surprised that so many
people are waving the banner of SPF. The only reason IMO to support SPF
is to hope that with the support, it turns into something worthwhile down the
road after significant modification.
Seems to me that pushing SPF
currently is done more to say that you do it rather than for what SPF does,
a.k.a. a buzzword.
Matt
David Dodell wrote:
Saturday, September 11, 2004, 7:04:55 AM, Darin Cox wrote:
Yes. One of the flaws of SPF. However, you can also use a weaker SPF
record that says basically that you don't know what mail server it is coming
from. Not much point in that except to say that you're using SPF, though I
suppose it might be possible that a particular mail admin might penalize
sites that haven't implemented SPF in spam weighting.
This is not good ... I don't see SPF becoming a useful tool, since I
have a few customers in this particular situation, and without
widespread SPF implementation I don't see it particularly helpful.
A caveat on the above flaw: SPF does have the ability to reference another
domains SPF records, so if the ISP in question has implemented SPF you
should be able to "inherit" their SPF implementation by referencing it in
your own. I haven't had an occasion to try that out yet, though.
But this requires me to keep up each customers ISP ... what a pain.
And what happens when one travels? I was traveling a few weeks ago,
and the hotel's IP connection had port 25 blocked ... so I couldn't
use my own SMTP server remotely using SMTP AUTH. I called the hotel's
ISP and they opened up port 25 for my room's IP for my stay since I
was going to be there for a week, but the average person is not going
to do this.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
|