[Dshield] Are you using spf records?
martin at forest.gen.nz
Tue Jan 10 01:28:20 GMT 2006
Over the last couple of days, I've done some analyzing at work.
I have analyzed 300000 incoming emails spread over 70000 domain names.
15% of the domains have an SPF record.
3% of the emails had fail during lookup.
13% of the emails had either fail or softfail during lookup.
21% had either fail, softfail or neutral (i.e. if the domain holders that
currently use SPF could confirm their mail servers and change to -all, 21%
of the emails could be dropped right away...)
3% had pass.
3% "pass" sounds low, so I looked. It is correct: there is so much
"spoofing" of emails that the "fail" groups/codes are high and the number of
valid emails is low.
The more people that actually use SPF, the better it would be. But even at
the current "low" pickup at 15%, you can safely drop 3 - 13% of emails. At
home, I'm dropping both fail and softfail with great success. :)
It is interesting to compare Yahoo, which doesn't use SPF, and Hotmail, which
does. We have 3 TIMES more spam using Yahoo than Hotmail. I just looked at the
logs for spam detection and we have 1564 rejected spam using Yahoo and only 504
rejected spam using Hotmail. Yahoo may have an interesting alternative to
SPF but it does require much more CPU and a more complex implementation than SPF.
Overall, domains using SPF records are less spoofed than domains that
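The kind of tally the post describes, as an added example that is not part of the original message: it reads the `Received-SPF` header (RFC 7208) stamped by the receiving MTA and reports what share of mail each rejection policy (fail only, fail plus softfail, fail plus softfail plus neutral) would drop. The sample headers, hostnames and function names are constructed for illustration, and it assumes the MTA already records SPF results in that header.

```python
from collections import Counter
from email import message_from_string

# RFC 7208 result keywords that can lead a Received-SPF header.
RESULTS = {"pass", "fail", "softfail", "neutral", "none", "temperror", "permerror"}

# Rejection policies compared in the post, from narrowest to broadest.
POLICIES = {
    "fail": {"fail"},
    "fail+softfail": {"fail", "softfail"},
    "fail+softfail+neutral": {"fail", "softfail", "neutral"},
}

# Constructed Received-SPF values (not data from the post); None = unstamped mail.
SAMPLE_HEADERS = [
    "pass (mx.example.net: 192.0.2.10 is authorized) envelope-from=a@one.example",
    "fail (mx.example.net: 198.51.100.7 not permitted) envelope-from=b@two.example",
    "Fail (mx.example.net: 198.51.100.9 not permitted) envelope-from=c@two.example",
    "softfail (mx.example.net: transitioning) envelope-from=d@three.example",
    "SoftFail (mx.example.net: transitioning) envelope-from=e@three.example",
    "neutral (mx.example.net: no assertion) envelope-from=f@four.example",
    "none (mx.example.net: no SPF record) envelope-from=g@five.example",
    "none (mx.example.net: no SPF record) envelope-from=h@six.example",
    None,
    None,
]

def build_message(spf_header):
    """Wrap a header value in a minimal RFC 5322 message for the demo."""
    stamp = f"Received-SPF: {spf_header}\n" if spf_header else ""
    return stamp + "Subject: test\n\nbody\n"

def spf_result(raw_message):
    """Return the lower-cased SPF result, 'none' if unstamped, else 'unknown'."""
    header = message_from_string(raw_message).get("Received-SPF", "")
    words = header.split()
    if not words:
        return "none"
    result = words[0].lower()
    return result if result in RESULTS else "unknown"

def drop_rates(raw_messages):
    """Percent of all mail each policy would reject, plus the raw tally."""
    counts = Counter(spf_result(m) for m in raw_messages)
    total = sum(counts.values()) or 1  # avoid dividing by zero on empty input
    rates = {name: 100.0 * sum(counts[r] for r in hits) / total
             for name, hits in POLICIES.items()}
    return rates, counts

if __name__ == "__main__":
    print(drop_rates(build_message(h) for h in SAMPLE_HEADERS))
```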