On Wed, 1 Jan 2014 20:46:58 +0100 Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
> On 01.01.14 11:34, David F. Skoll wrote:
> >I don't find it very effective. It would stop maybe 5% of all the
> >spam on our systems at most.

> ...and how many forgeries did this stop?

A few. Our current incident database contains the following quarantined
messages:

Total incidents: 16 260 780 (16 million)
SPF softfail:       914 609 (~1 million)
SPF fail:           429 697 (~400K)

So SPF only applies to about 8.4% of our quarantined mail and SPF "fail"
to only about 2.6%. Furthermore, SPF "softfail" is usually indicative
of a domain owner who is clueless about how to set up a proper SPF record
rather than a forgery.

SPF is very good at stopping forgeries of the envelope sender. However,
it's completely useless at stopping forgeries where the From: header
is <serv...@paypal.com> but the envelope sender is <www-d...@hacked.luser.org>

It's also only mildly effective at stopping backscatter because not
enough sites actually check SPF to significantly reduce backscatter.

What it *is* good at is acting as a CYA mechanism. If someone complains
that we are spamming, we can prove to them that the mail originated from
a server we didn't authorize and was therefore forged.

Regards,

David.
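The gap described in the message above, as an added example that is not part of the original post: a filter-side check that flags mail whose SPF result is "pass" for the envelope sender while the From: header names an unrelated domain. The function names, the sample messages and the `.example` addresses are constructed for illustration; the SPF result is assumed to be supplied by the receiving MTA, and the domain comparison is a simplified suffix match rather than a public-suffix-aware one.

```python
from email import message_from_string
from email.utils import parseaddr


def domain_of(addr):
    """Return the lowercased domain part of an address, or '' if there is none."""
    _, mailbox = parseaddr(addr or "")
    if "@" not in mailbox:
        return ""  # null sender (<>) or malformed address
    return mailbox.rpartition("@")[2].lower().rstrip(".")


def aligned(env_domain, hdr_domain):
    """Simplified alignment: same domain, or one is a subdomain of the other."""
    if not env_domain or not hdr_domain:
        return False
    return (env_domain == hdr_domain
            or env_domain.endswith("." + hdr_domain)
            or hdr_domain.endswith("." + env_domain))


def check_message(raw, envelope_sender, spf_result):
    """Combine the MTA's SPF result with a From:/envelope domain comparison."""
    hdr = domain_of(message_from_string(raw).get("From"))
    env = domain_of(envelope_sender)
    if spf_result != "pass":
        verdict = "spf-" + spf_result      # SPF itself already objected
    elif aligned(env, hdr):
        verdict = "pass-aligned"           # SPF vouches for the visible sender
    else:
        verdict = "pass-unaligned"         # SPF passed, but for a different domain
    return {"envelope": env, "header_from": hdr, "verdict": verdict}


# Constructed sample messages (not real traffic).
FORGED_HEADER = ("From: Service <service@bank.example>\n"
                 "Subject: Account notice\n\nbody\n")
LEGIT_BULK = ("From: News <news@shop.example>\n"
              "Subject: Weekly offers\n\nbody\n")

if __name__ == "__main__":
    samples = [
        (FORGED_HEADER, "www-data@hacked.example", "pass"),
        (LEGIT_BULK, "bounce@mail.shop.example", "pass"),
        (FORGED_HEADER, "service@bank.example", "fail"),
    ]
    for raw, env, spf in samples:
        print(check_message(raw, env, spf))
```

The first sample is the case the message describes: the envelope domain publishes SPF and the sending host is authorized for it, so SPF passes even though the From: header shows a different domain.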