New and improved: The SPF website
After a long period of planning and a lot of volunteer work, the SPF project is happy to present you its new website at http://www.openspf.org. We have consolidated all the useful information about SPF from the old website, and we have expanded our FAQ and Best Practices sections. Be sure to pay a visit to the new website and recommend it to your peers (and bosses)!
Significant increase in SPF deployment
The publishing of SPF sender policies has increased significantly in 2006. A recent survey by MarkMonitor reports a total of over 4,000,000 SPF records published within just the .com/.net/.org top-level domains, comprising nearly 6% of all registered .com/.net/.org domains!
While that may sound like a small portion of domains, note that most e-mail traffic on the Internet is sent from only a minority of all domains, while most domains just send very few messages (compared to the others) or none at all. Indeed, a study conducted by IronPort earlier this year reported roughly 35% of all Internet e-mail to be covered by SPF records (or SIDF, as Microsoft prefers to call it).
With the continued engagement of all the e-mail white-hats out there and the help of our support team and record publishing tools, we expect significant further adoption in 2007. You hear someone complaining about their domain getting forged by spammers? Remember to recommend them deploying SPF and other sender authentication methods!
Growing support in mail servers
SPF is a double-edged sword. The publishing of sender policies being the one edge, their enforcement at the receivers' ends is the other. Support for checking SPF policies in mail server software has also grown a lot in 2006. Practically all major mail server packages now provide SPF checking either natively or through at least one plug-in. If you have held off on deploying SPF checking to your e-mail setup so far, now there is little excuse not to make this one of your New Year's resolutions!
The official RFC 4408 test-suite
And we have a holiday present for the developers of e-mail server or client software among you, too. After the final SPFv1 specification was released as RFC 4408 earlier this year, we have now created a comprehensive official test-suite for it. If you are implementing SPF support in your software or simply want to verify the correctness of your existing implementation, you can now run our long list of tests against it and see if you have implemented all of the specification's aspects correctly. For questions on and assistance in using the test-suite, please join the spf-devel mailing list.
New SPF libraries: pyspf 2.0 and Mail::SPF
Even more holiday presents! Two new SPF libraries have recently been released that completely pass the RFC 4408 test-suite:
The pyspf Python module has been released as version 2.0. pyspf 2.0 was the first SPF implementation to fully conform to RFC 4408. This release has also added IPv6 support. pyspf is the library behind several of the project's SPF record testing tools.
The new Mail::SPF Perl module is a successor to the old Mail::SPF::Query module, which was the very first SPF implementation and evolved in parallel with the specification over time, thus having a baroque design and many smaller problems and incompatibilities with RFC 4408. Mail::SPF is a complete object-oriented rewrite and conforms fully to RFC 4408. It also is very thoroughly documented and finally supports IPv6 as well as both the DNS TXT record type and the new SPF record type.
The upcoming 2007 SPF Council elections
The 2006 term of the SPF Council, the project's steering group, is coming to an end in January 2007, and it will be up to the project's community to elect a new council for the coming year. By the election procedures, those who wish to vote in the election will have to be subscribed to the spf-discuss mailing list as of 2007-01-08 00:00 UTC. The election process will then start with voters registration and the nomination of candidates. A separate announcement of the elections will be sent at the beginning of the new year.