Looking at the last 8 days, I see about 1.5% of minor (or larger) spf pra's we've evaluated had an error (pra's with errors / pra's with a pass), which includes DNS errors, bogus mechanisms, timeouts, etc. That does rise to 7% if you include all senders, but those are some pretty small fry.
I make no claims as to whether our handling is rigorous or not, and due to the evaluation order in spf, evaluating for a particular ip may pass before the error in the record is encountered. Without a DMARC p=reject, it is unlikely we would ever reject based on bogus spf records, however.

Brandon

On Tue, May 16, 2017 at 2:07 PM, Renaud Allard via mailop <mailop@mailop.org> wrote:

> On 16/05/17 22:12, D'Arcy Cain wrote:
>
>> On 2017-05-16 03:35 PM, Laura Atkins wrote:
>>
>>> Because in large, international corporations there are processes.
>>>
>>> I worked with a bank a few years ago looking at authentication. It took
>>> an inconceivable amount of time just to identify which country IT group
>>> held the authoritative records for rDNS and who needed to approve
>>> changes. Because, no, you don’t want some J. Random Person authorizing
>>> DNS changes.
>>>
>>> “A Day” is just not going to happen in the real world. Even just for
>>> banks.
>>
>> It doesn't have to happen for banks. All it takes is for some bank
>> president to not be able to email a client to get questions asked. We just
>> need a significant number of addresses blocked due to incompetent
>> administration.
>
> Actually, all it needs is a big freemail provider like gmail to start
> blocking on bad DNS info and banks will get it mostly right within the next
> 24/48 hours.
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
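The evaluation-order point in the first message, as an added example that is not part of the original thread or any mail provider's code: a simplified SPF evaluator showing one record returning pass for one connecting IP and permerror for another. The domains, zone data and function names are constructed for illustration, and only `ip4`, `ip6`, `include` and `all` are handled.

```python
import ipaddress

# Constructed TXT data; "broken.example" publishes no SPF record at all.
ZONE = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 include:broken.example -all",
    "ok.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, zone=ZONE):
    """Simplified left-to-right SPF evaluation (ip4, ip6, include, all only)."""
    record = zone.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            inner = check_host(ip, arg, zone)
            if inner in ("none", "permerror"):
                return "permerror"  # include target missing or itself broken
            matched = inner == "pass"
        else:
            return "permerror"  # unsupported in this sketch; seen only when reached
        if matched:
            return QUALIFIERS[qualifier]  # first match ends evaluation
    return "neutral"

def broken_includes(domain, zone=ZONE):
    """Check every include target regardless of order, as a record linter would."""
    terms = [t.lstrip("+-~?") for t in zone.get(domain, "").split()[1:]]
    targets = [t.split(":", 1)[1] for t in terms if t.startswith("include:")]
    return [d for d in targets if not zone.get(d, "").startswith("v=spf1")]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.5"):
        print(ip, check_host(ip, "bank.example"))
    print("broken includes:", broken_includes("bank.example"))
```

Per-IP results alone never surface the broken include for senders inside 192.0.2.0/24, which is why the order-independent check is run over the record itself.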