Re: [dnsext] SPF, a cautionary tale

Mark Andrews <marka@isc.org> Mon, 06 May 2013 01:12 UTC

To: "Murray S. Kucherawy" <superuser@gmail.com>
From: Mark Andrews <marka@isc.org>
Date: Mon, 06 May 2013 11:12:36 +1000
Message-Id: <20130506011236.A1AD633EB06B@drugs.dv.isc.org>
Cc: bmanning@vacation.karoshi.com, "dnsext@ietf.org Group" <dnsext@ietf.org>
Subject: Re: [dnsext] SPF, a cautionary tale

In message <CAL0qLwa-fWyB2NtVdMu02-iz8ZWnYo3+PJ4qFtxYeWe=KQtiwA@mail.gmail.com>, "Murray S. Kucherawy" writes:
> 
> On Sun, May 5, 2013 at 4:06 AM, Mark Andrews <marka@isc.org> wrote:
> 
> >         I looked at 25579 unique domains that have sent me email
> >         over the last 20 odd years.
> 
> That's a far more constrained sample size than the RFC6686 surveys used,
> and I have some vague thoughts about likely bias of mail going to isc.org.

That list of domains includes personal as well as business
correspondence, spam sources, mail from various mailing lists.

And RFC6686 is biased as it uses the Alexa top X, which is known to
use more load balancers, which are often not RFC 103[45] compliant
name servers.  They don't do negative answers properly.  Fixing one
set of nameservers in the Alexa top X can drastically change the
numbers as many domains in the Alexa top X are served by identical sets
of name servers.

The vast majority of name servers (from sites sending email or not)
respond to both TXT and SPF queries.  Of those that don't, most are
broken for both TXT and SPF (and AAAA and NS and SOA).

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
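The kind of probe behind the survey numbers above, as an added example that is not code from this thread: it sends a TXT (type 16) and an SPF (type 99) query to one name server over UDP using only the Python standard library, and classifies each reply as a proper answer, a proper negative answer (NOERROR with no records), or one of the broken behaviours discussed (NXDOMAIN for a name that exists, NOTIMP, FORMERR, timeout). The server address and name are assumed to be supplied by the caller; the constructed header bytes in the tests stand in for real responses.

```python
"""Probe one name server for TXT and SPF (type 99) handling; stdlib only (added example)."""
import socket
import struct

TXT, SPF = 16, 99                      # RR type codes; 99 is the dedicated SPF type
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def build_query(name, qtype, qid=0x1234):
    """Minimal DNS/UDP query: header with RD set, one IN question, no EDNS."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def classify(response):
    """Map a raw response (None = timeout) to a behaviour class.
    'answer' and 'nodata' are the RFC 1034/1035-conformant outcomes for a query
    for a type the name may not have; everything else is the breakage in the thread."""
    if response is None:
        return "timeout"
    if len(response) < 12:
        return "malformed"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        return "malformed"              # QR bit clear: this is not a response
    rcode = flags & 0x000F
    if rcode == 0:
        return "answer" if ancount else "nodata"
    return RCODES.get(rcode, "rcode%d" % rcode)


def probe(server, name, qtype, timeout=3.0):
    """Send one query over UDP (v4 or v6 literal) and return the raw reply, or None."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype), (server, 53))
        try:
            return sock.recvfrom(4096)[0]
        except socket.timeout:
            return None


def survey(server, name):
    """Return {'TXT': class, 'SPF': class, 'broken': bool} for one server/name pair."""
    result = {"TXT": classify(probe(server, name, TXT)),
              "SPF": classify(probe(server, name, SPF))}
    result["broken"] = any(v not in ("answer", "nodata") for v in result.values())
    return result


if __name__ == "__main__":
    import sys
    print(survey(sys.argv[1], sys.argv[2]))   # usage: probe.py <server-ip> <domain>
```

Running it against each authoritative server of a domain reproduces the per-server breakdown Mark describes: a server that fails the SPF query almost always returns the same bad rcode, or nothing at all, for TXT.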