On 22 Feb 2013, at 19:58, Chris Siebenmann <cks@???> wrote
> These records have a general neutral '?all' result
> (and this is never, ever going to change). We would be extremely angry
> if some remote system took this as free license to send us DSNs for a
> spam run instead of rejecting at SMTP time.
Well, I don't think I suggested that. But I do think that domain owners owe it to themselves to have some control over how their email domains are used, and to assist email recipients in distinguishing between spam and genuine email purporting to be from their domains. Careful use of DKIM, SPF and DMARC all domain owners to do this. Given that we have those technologies, it is only a matter of time before it's hard to trust domains that choose not to use them.
> I'm genuinely curious: do you have any stats on how many senders and
> how much email passes strong SPF authentication?
>
> (By strong SPF authentication I mean where the origin domain publishes
> SPF that actually has restrictions and the email passes some positive
> SPF assertions. Passing a '?all' assertion is IMHO not a meaningfully
> SPF authenticated email.)
Yes, I do.
http://www.sussex.ac.uk/its/mailstats/stats/
Most of the mail that we accept for delivery has an SPF PASS, with relatively few having "SOFTFAIL" or "NEUTRAL" results. We apply small spamassassin scores for SPF, so we even accept some "FAIL"s.
It's possible that some of those passes come from "+all" records, but publishing such records is, in my view, a strong spam indicator.
I agree that passing ?all is not authentication at all. It's generally intended for
--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148
