You certainly do need them if you want to have any hope that your emails you send will get through to anyone.
My experience is that most MTAs don't care about it. But since the few ones with user base in hundred of millions do, you better should have it because the chance somebody wants to send an email to there is high enough.
Sure you can, but
this is an understatement. Most sites have some kind of spam filtering that also expects these things. The "big players" are especially rigid and might outright reject your mail.
Oh well, fighting spam is not what they directly do, but it's the purpose they are used for. Spam filters these days give a negative score for their absence (and an even more negative score when they're present but fail).
Only a fraction of spam is sent by systems that can afford that, so these tools still serve their purpose. Of course, combined with other filters (RBLs, heuristics, etc…)
Totally wrong conclusion. They don't help for the scenario "cracked mailbox on a large site", they do help for the scenario "spam sent by botnets of infected (windows) boxes". Without them, you'd get tons more of spam.
There is a best, one always wants better. But better and best are not necessary good (enough).
Zirias , OP is right... As Geezer pointed out, the thread has taken off on a tangent. Staying on topic is a vitally important skill for problem solving, and yes, that applies to programmers, as well. Since the thread is supposed to be about email clients, the outtake would be that sometimes, it makes sense to leave server implementation to a different shop that you know will do a decent job, rather than trying your hand at a homebrew solution. It can be compared to taking care of your teeth - yeah, there's stuff you can do at home (proper diet and brushing), but for serious treatment, you go to a dentist, you really shouldn't try that on yourself, because you'll do more harm than good anyway.
| SPF return code | # connections | % connections |
| pass | 5607 | 43.3 |
| none | 3769 | 29.1 |
| softfail | 1925 | 14.8 |
| neutral | 386 | 3.0 |
| fail | 824 | 6.4 |
| permament error | 323 | 2.5 |
| invalid SPF record | 100 | 0.8 |
| temporary error | 300 | 0.2 |
~all). But still, in the end you're left with thousands of spam messages per year coming from real gmail servers.
If you look closer at them, you see a lot of deliveries without SPF. The "big players" would already attach a strong negative score to that. Then, you have almost 15% "softfail", which is IMHO a design flaw in SPF, cause it's just inconclusive for the receiving party. Still, only less than half of the deliveries actually pass SPF.
Neither SPF nor DKIM can do anything against spam sent via legitimate mail systems. There's no single "solution" to the spam problem anyways, but combining many approaches gives pretty good results …
... and for filtering out the "botnet" (et al) originating spam, adding DKIM can improve that substantially, compared to only SPF.
A preliminary scan has revealed the cached options of one port are
obsolete. Please update or remove the saved options and try again.
e.g. make -C /usr/ports/mail/thunderbird config
e.g. make -C /usr/ports/mail/thunderbird rmconfig
POLA.