Philip Prindeville wrote:
> Anyone have monthly numbers for the percentages of
> sites that have SPF turned on for their incoming messages?
>
> I.e. if you received 1000 messages last month... how many
> unique domains were represented, and of those, how many
> had SPF enabled? And how many messages turned out to
> be spoofed by the SPF failure test?
>
Domains, not sure, but I can give you some numbers on messages.
Real numbers from last week:
Total messages scanned by SA:
19268
Number of messages matching SPF_FAIL:
89
Number of messages matching SPF_SOFTFAIL
493
Number of messages matching SPF_NEUTRAL
200
Number of messages matching SPF_PASS
6064
Note however: I greylist most dynamic hosts, so I'll get a lot less SPF failures
than most folks.
Even so, only 31% of my mail comes from domains that support SPF.
Strangely, the SPF_FAIL matches don't come from a small number of domains.. At
casual glance, there's not that many duplicates. Some of them are even SPF
failures for SURBL listed spam domains!
Here's a small sampling of domains that the 89 spf failures were spread across:
passport.yandex.ru
gmx.ch
tm.net.my
tlen.pl
charter.com
zx.com
mail.offermonkey-zz.com
fastnbetter.com
mail.rick-list.net
buss.com
angelfire.com
Here's some SPF_FAILs that were forging domains listed in URIBLs (munged to
avoid being bounced by the list, since even mentioning a domain that's on a lot
(ie: 4) of SURBL lists is enough score to break the list's 10-point limit)
ihllywd*MUNGED-WS_BLACK*.com
sureroad*MUNGED-WS_BLACK*.com
outpostsmem*MUNGED-WS_OB*.com
dizclck*MUNGED-WS_BLACK*.com
gatebuys*MUNGED-WS_BLACK*.com
hollygwired*MUNGED-WS*.com
19co19*MUNGED-BLACK*.com
17co17*MUNGED-BLACK*.com
Note: I munged them with the names of the URIBLs that list them.
BLACK is uribl.com's black
WS and OB are the respective lists on surbl.org
