Email authentication and italian Public Administration: a long way to go

Pubblica Amministrazione - valutazione rischi e beneficiItalian Public Administrations are adopting some e-mail authentication measures like SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting & Conformance) TXT records in their authoritative name servers’ zone file.

A little improvement can be observed since our last research in 2014: Anti spam measures adopted by italian Public Administrations: mostly SPF.

Today our study finds that out of 8,373 domain names, 88 have a (deprecated since 2014 by RFC 7208) IN SPF record in place, 1,210 have a IN TXT record containing SPF informations but 10 of them carry errors therefore are not valid.

Summarizing: 1,288 domains use SPF (15.38%).

E-mail authentication adoption for italian Public Administration domain names

Just five (yes 5!) of them have a IN TXT record with DMARC declaration (0.06%). Ten ADSP (Author Domain Signing Practices) records found, but 4 are just plain wrong, so 6 correct adsp enabled domains (0.07%)

At the moment we cannot exactly determine if those domain names published a DKIM (DomainKeys Identified Mail) policy in their name servers, but we could assume that ADSP records are in place if DKIM is configured, hopefully, so 6 DKIM records (0.07%).

I would encourage, even more today, all ICT teams involved in Public Administrations to look into domain names reputation. In current e-mail world, we are moving from IP reputation (IPv4) to domain reputation (IPv4 and IPv6). As an example, look at what Google requires to deal with gmail users:

Check also my previous article on How to run Postfix with OpenDKIM on FreeBSD 9.0.

[Raw hostnames from:]

Creative Commons License
Email authentication and italian Public Administration: a long way to go by Antonio Prado is licensed under a Creative Commons Attribution-ShareAlike 4.0 International

Leave a Reply