I've been mucking around with anti-spam measures recently because I gave a talk on replicating Postfix's anti-spam measures with procmail. Since procmail can fire off arbitrary scripts to test email, I incorporated an SPF test into it. Only it's not firing very often, as it seems that many domains do not have SPF records published.

Now, let's try to quantify that whole "not many domains" observation. I did a random sample of 1000 domains in the .com space (basically, run rand() to create a 4-letter .com domain and see if it has an MX record; if it does, record whether it has an SPF record published as well). The bad news is that only 81 out of the 1000 domains had SPF records = 8.1%. If you own/control a domain, please take the 5 minutes it takes to set up an SPF record for it.

Here's the Perl code that I ran:

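    use strict;
    use warnings;
    use Net::DNS::Resolver;

    my @digits = ( 'a'..'z', '0'..'9', '-' );
    $| = 1;                 # unbuffered output
    my $notdone = 1000;     # how many domains with an MX record to sample

    while ($notdone) {
        # Build a random 4-character .com domain
        my $domain = join('',
            $digits[int(rand(@digits))],
            $digits[int(rand(@digits))],
            $digits[int(rand(@digits))],
            $digits[int(rand(@digits))],
            '.com',
        );
        # Only domains that accept mail (have an MX record) count toward the sample
        if (domain2mx($domain) ne '') {
            printf("%s -> %s\n", $domain, domain2spf($domain));
            $notdone--;
        }
    }

    # Return the first MX exchange for the domain, or '' if there is none
    sub domain2mx {
        my ($domain) = @_;
        my $res   = Net::DNS::Resolver->new(udp_timeout => 5);
        my $query = $res->query($domain, "MX");
        !$query and return '';
        my ($mx) = map { $_->exchange } grep { $_->type eq 'MX' } $query->answer;
        return $mx // '';
    }

    # Return the domain's SPF record, or '' if there is none.
    # A domain can publish several TXT records, so pick the one that starts
    # with "v=spf1" instead of whichever TXT string happens to come first.
    sub domain2spf {
        my ($domain) = @_;
        my $res   = Net::DNS::Resolver->new(udp_timeout => 5);
        my $query = $res->query($domain, "TXT");
        !$query and return '';
        my ($spf) = grep { /^v=spf1(?:\s|$)/i }
                    map  { join('', $_->char_str_list) }
                    grep { $_->type eq 'TXT' } $query->answer;
        return $spf // '';
    }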

I'm not sure how much of the problem is due to DNS administrators that make this a PITA grande to actually implement, when it should be a matter of lower TTLs, implement, test, and done.
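A survey like the one above counts a domain as covered as soon as it publishes any SPF record, but a record ending in `+all` or a domain with two `v=spf1` records gives receivers nothing to enforce. The following is an added example, not the script the post's numbers came from: it grades the TXT strings of each domain by what the record tells a receiver to do with unlisted senders, following the RFC 7208 rules. The function name `grade_spf` and the sample domains and records are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: grade the SPF policy a domain publishes (RFC 7208 syntax).
use strict;
use warnings;

# Input: every TXT string published for one domain. Returns one of:
#   none      - no SPF record at all
#   permerror - more than one v=spf1 record (receivers treat this as an error)
#   redirect  - policy is delegated to another domain
#   pass / fail / softfail / neutral - result for senders that match no
#               earlier mechanism ("neutral" also covers a record with no "all")
sub grade_spf {
    my @spf = grep { /^v=spf1(?:\s|$)/i } @_;
    return 'none'      if !@spf;
    return 'permerror' if @spf > 1;

    my %result = ('+' => 'pass', '-' => 'fail', '~' => 'softfail', '?' => 'neutral');
    my (undef, @terms) = split ' ', $spf[0];    # drop the version tag
    my $redirect = 0;
    for my $term (@terms) {
        # "all" always matches, so later terms are never evaluated;
        # a missing qualifier means "+"
        return $result{ $1 || '+' } if $term =~ /^([-+~?]?)all$/i;
        $redirect = 1 if $term =~ /^redirect=/i;
    }
    return $redirect ? 'redirect' : 'neutral';
}

# Constructed sample: domain => TXT strings (not real survey data)
my %sample = (
    'a.example' => ['v=spf1 mx -all'],
    'b.example' => ['v=spf1 include:_spf.example.net ~all'],
    'c.example' => ['v=spf1 +all'],
    'd.example' => ['site-verification=constructed-token'],
    'e.example' => ['v=spf1 mx -all', 'v=spf1 a -all'],
    'f.example' => ['v=spf1 redirect=_spf.example.net'],
    'g.example' => ['v=spf1 a mx'],
);

my %tally;
for my $domain (sort keys %sample) {
    my $grade = grade_spf(@{ $sample{$domain} });
    $tally{$grade}++;
    printf "%-10s %s\n", $domain, $grade;
}
printf "%-10s %d\n", $_, $tally{$_} for sort keys %tally;
```

Only the `fail` and `softfail` grades give a receiving mail server something to act on, so an adoption figure is more informative when it is reported per grade.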