...Without them, you'd get tons more of spam.
During the same period (Sep 2020-today) 9.9% of delivery attempts were rejected due to SPF failure
. This doesn't filter out retries, so the actual number of blocked unique delivieries will be lower than that. Full SPF statistics are as follows:
|SPF return code||# connections||% connections|
|invalid SPF record||100||0.8|
Out of those that did pass SPF and graylist, 4581 messages were more or less legit, 4164 were sure spam of which 1481 came from Google's servers.
I didn't bother to set up DKIM verification not to waste my time.
The trivial way to circumvent these is to use a permissive domain in return path, for example gmail.com that has softfail for all IP addresses (their SPF record ends with
). But still, in the end you're left with thousands of spam messages per year coming from real gmail servers.