Philip Prindeville wrote: > Anyone have monthly numbers for the percentages of > sites that have SPF turned on for their incoming messages? > > I.e. if you received 1000 messages last month... how many > unique domains were represented, and of those, how many > had SPF enabled? And how many messages turned out to > be spoofed by the SPF failure test? >
Domains, not sure, but I can give you some numbers on messages. Real numbers from last week: Total messages scanned by SA: 19268 Number of messages matching SPF_FAIL: 89 Number of messages matching SPF_SOFTFAIL 493 Number of messages matching SPF_NEUTRAL 200 Number of messages matching SPF_PASS 6064 Note however: I greylist most dynamic hosts, so I'll get a lot less SPF failures than most folks. Even so, only 31% of my mail comes from domains that support SPF. Strangely, the SPF_FAIL matches don't come from a small number of domains.. At casual glance, there's not that many duplicates. Some of them are even SPF failures for SURBL listed spam domains! Here's a small sampling of domains that the 89 spf failures were spread across: passport.yandex.ru gmx.ch tm.net.my tlen.pl charter.com zx.com mail.offermonkey-zz.com fastnbetter.com mail.rick-list.net buss.com angelfire.com Here's some SPF_FAILs that were forging domains listed in URIBLs (munged to avoid being bounced by the list, since even mentioning a domain that's on a lot (ie: 4) of SURBL lists is enough score to break the list's 10-point limit) ihllywd*MUNGED-WS_BLACK*.com sureroad*MUNGED-WS_BLACK*.com outpostsmem*MUNGED-WS_OB*.com dizclck*MUNGED-WS_BLACK*.com gatebuys*MUNGED-WS_BLACK*.com hollygwired*MUNGED-WS*.com 19co19*MUNGED-BLACK*.com 17co17*MUNGED-BLACK*.com Note: I munged them with the names of the URIBLs that list them. BLACK is uribl.com's black WS and OB are the respective lists on surbl.org