On 10/01/2007, at 2:51 PM, Howard Lowndes wrote:
Just out of curiosity, and because I am procrastinating about doing something else, I ran a quick analysis across my mail log file to see what the extent of the use of SPF is:pass 29517 neutral 30354 softfail 31082 none 4783 unkown 31143 "pass" = SPF record found and mail sender is kosher "neutral" = SPF record found but we'll sit on the fence "softfail" = SPF record found and the mail sender is not kosher "none" = the DNS does not have a SPF TXT record "unknown" = we couldn't find any DNS server for the sender address
Others have made some good points but I'll throw in the last omission. SPF completely falls in a heap when you forward mail at the SMTP level (think ".forward" files and other methods). I send a message to my account at Uni, it then forwards it to me at a different address but DOESN'T rewrite the envelope sender. Bzzzt - SPF fail. Considering the number of systems that forward mail to me, SPF is more a pain than anything else. I've found good RBL's (at the SMTP level, as well as further upstream like SpamAssassin) mitigate the flow of spam better than SPF ever has (could).
Cheers, James
smime.p7s
Description: S/MIME cryptographic signature
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html