
Italian Public Administrations are adopting some e-mail authentication measures like SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting & Conformance) TXT records in their authoritative name servers’ zone file.
A little improvement can be observed since our last research in 2014: Anti spam measures adopted by italian Public Administrations: mostly SPF.
Today our study finds that out of 8,373 domain names, 88 have a (deprecated since 2014 by RFC 7208) IN SPF record in place, 1,210 have a IN TXT record containing SPF informations but 10 of them carry errors therefore are not valid.
Summarizing: 1,288 domains use SPF (15.38%).
Just five (yes 5!) of them have a IN TXT record with DMARC declaration (0.06%). Ten ADSP (Author Domain Signing Practices) records found, but 4 are just plain wrong, so 6 correct adsp enabled domains (0.07%)
At the moment we cannot exactly determine if those domain names published a DKIM (DomainKeys Identified Mail) policy in their name servers, but we could assume that ADSP records are in place if DKIM is configured, hopefully, so 6 DKIM records (0.07%).
I would encourage, even more today, all ICT teams involved in Public Administrations to look into domain names reputation. In current e-mail world, we are moving from IP reputation (IPv4) to domain reputation (IPv4 and IPv6). As an example, look at what Google requires to deal with gmail users: https://support.google.com/mail/answer/81126
Check also my previous article on How to run Postfix with OpenDKIM on FreeBSD 9.0.
[Raw hostnames from: http://siamogeek.com/analisi-siti-pa/download-dati-analisi-siti-pa/]