[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Mon, Jan 25, 2010 at 1:49 PM, Simon Waters wrote: > I very much doubt the 53% of server use SPF, possible 53% of senders set it > on a domain. Very few who deploy SPF filters reject out right on failure, > which tells you how useful it is at it's own job. Which is partly because most senders who set it don't (dare to) say: "these are the IP addresses of our MTAs; if you see anything pretending to come from us from a different address, please discard the email". They're much more likely to say something like "well, if it doesn't come from these addresses, you can't be sure". In some cases they just say "with email from us, you can never be sure". :-) But as you said, it's also because SPF is broken too easily. > DKIM sensibly moves this to authenticity of originating server. I think even > fewer people filter using DKIM. Officially, that's because DKIM shouldn't be used as a spam filter but purely as a means to check the authenticity of emails. But it's mostly because, while DKIM allows senders to tell recipients to discard all unsigned email pretending to originate from their servers, very few use it like that. It's very hard to find a domain that says it signs all of its email; apparently those who benefit most from DKIM (Paypal, banks etc.) are still too scared of accidentally sending non-signed email. > However once all email can establish it's senders identity, you still have > to decide if this is a sender whose email you want. If your default answer > to that question is yes, you'll still get spam. And I think that should be your default answer; if not, you may as well let your trusted contacts authenticate into your MTA. And yes, that does mean you'll still get spam. Martijn. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html