Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard

manning bill <bmanning@isi.edu> Wed, 21 August 2013 11:56 UTC


regarding adoption…  it would be interesting to take a second snapshot from each of these servers in about six months
to see if the trend has changed (modulo PAF's observations that not all TXT == SPF).   In the meantime, declare a suspension of
last call to gauge if the presumption of failure of the SPF RR merits this drastic action.

/bill


On 21August2013Wednesday, at 3:26, Eliot Lear wrote:

> Patrik,
> 
> First, I appreciate that you and Dave are bringing data to the table.  However, in this case, it is not in dispute that queries are happening.  What *is* in dispute is whether there are answers.  I must admit I am having a difficult time understanding the logic, even so.  The *hard* part about this was supposed to be implementation of the record in the application software.  Can the shepherd answer this question:
> 	• To what extent has that happened?
> The easy part was supposed to be people actually using the SPF record, once it was out there.  And so your data doesn't indicate what sort of answers you're getting.
> And another thing. Randy, is it your position that WGs shouldn't create new TXT records due to transition issues?
> Eliot
> 
> On 8/21/13 12:15 PM, Patrik Fältström wrote:
>> On 21 aug 2013, at 09:17, David Conrad <drc@virtualized.org>
>>  wrote:
>> 
>> 
>>> On Aug 20, 2013, at 9:00 PM, Andrew Sullivan <ajs@anvilwalrusden.com>
>>>  wrote:
>>> 
>>>> The WG had a hard time coming up with really good data about what validators look for, ... If someone else with some busy nameservers wants to provide different evidence now, it wouldn't hurt.
>>>> 
>>> Out of morbid curiosity, I just looked at the logs from my name server (which has both TXT and SPF RRs but which is very, very far from being busy) with a quick perl hack:
>>> 
>> :
>> :
>> :
>> 
>>> totals: spf: 1389, txt: 19435, 7.146900%
>>> 
>>> (the numbers are queries since the name server last restarted/dumped stats)
>>> 
>>> Will look for better data than my measly little name server.
>>> 
>> I have been looking at the queries to one of the nameservers that Frobbit runs (which is authoritative for quite a number of zones, although not GoDaddy), and a tcpdump for a while today gives the following data:
>> 
>> $ /usr/sbin/tcpdump -nr dns.pcap | grep 'SPF?' | wc -l
>> reading from file dns.pcap, link-type EN10MB (Ethernet)
>> tcpdump: pcap_loop: truncated dump file; tried to read 271 captured bytes, only got 95
>> 1105
>> $ /usr/sbin/tcpdump -nr dns.pcap | grep 'TXT?' | wc -l
>> reading from file dns.pcap, link-type EN10MB (Ethernet)
>> tcpdump: pcap_loop: truncated dump file; tried to read 94 captured bytes, only got 18
>> 2819
>> 
>> I.e. 2819 queries for TXT while there were 1105 for the SPF resource record.
>> 
>> Now, I have no idea whether all of those queries for TXT were only for the SPF usage of TXT of course, but this gives that at least 28% of the (TXT+SPF) queries were for SPF.
>> 
>> Deprecating something that is in use that much just does not make any sense.
>> 
>>    Patrik
>> 
>> 
>
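
The query counting discussed in this thread, as an added example that is not part of any poster's message: it tallies SPF (type 99) and TXT questions from `tcpdump -n` text output in one pass and sets aside TXT lookups under `_domainkey` or `_dmarc`, which are DKIM and DMARC rather than SPF. The sample lines, function names and the label list are constructed for illustration.

```python
import re
from collections import Counter

# Question part of a tcpdump -n DNS query line: "<QTYPE>? <qname>"
QUESTION = re.compile(r"\s([A-Z0-9]+)\?\s+(\S+)")

# Assumption: labels marking TXT lookups that belong to DKIM or DMARC, not SPF.
NON_SPF_LABELS = {"_domainkey", "_dmarc"}

# Constructed sample of tcpdump -n output (documentation addresses and names).
SAMPLE = """\
12:00:01.000001 IP 192.0.2.10.53211 > 198.51.100.53.53: 4242+ TXT? example.org. (29)
12:00:01.000002 IP 192.0.2.10.53212 > 198.51.100.53.53: 4243+ SPF? example.org. (29)
12:00:01.000003 IP 192.0.2.11.40001 > 198.51.100.53.53: 4244+ [1au] TXT? sel1._domainkey.example.org. (56)
12:00:01.000004 IP 192.0.2.12.40002 > 198.51.100.53.53: 4245+ TXT? _dmarc.example.org. (36)
12:00:01.000005 IP 192.0.2.12.40003 > 198.51.100.53.53: 4246+ A? mail.example.org. (34)
12:00:01.000006 IP 198.51.100.53.53 > 192.0.2.10.53211: 4242*- 1/0/0 TXT "v=spf1 -all" (60)
""".splitlines()


def count_queries(lines):
    """Count SPF-type queries and TXT queries, splitting TXT by whether
    the queried name could plausibly be an SPF policy lookup."""
    counts = Counter()
    for line in lines:
        m = QUESTION.search(line)
        if not m:
            continue  # responses and non-DNS lines carry no "TYPE?" question
        qtype, qname = m.group(1), m.group(2).lower().rstrip(".")
        if qtype == "SPF":
            counts["spf"] += 1
        elif qtype == "TXT":
            if set(qname.split(".")) & NON_SPF_LABELS:
                counts["txt_other"] += 1      # DKIM / DMARC lookups
            else:
                counts["txt_candidate"] += 1  # may be an SPF lookup via TXT
    return counts


def spf_share(spf, txt):
    """SPF-type queries as a fraction of (TXT + SPF) queries."""
    total = spf + txt
    return spf / total if total else 0.0


if __name__ == "__main__":
    c = count_queries(SAMPLE)
    print(dict(c), spf_share(c["spf"], c["txt_candidate"]))
    # Both sets of figures quoted in the thread, on the same (TXT+SPF) basis.
    print(round(spf_share(1105, 2819), 4), round(spf_share(1389, 19435), 4))
```

On the (TXT+SPF) basis the two quoted measurements come to about 28.2% and 6.7%; the 7.1469% printed in the first one is 1389 divided by 19435, that is, SPF relative to TXT alone.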