Bill Stewart writes:

Saw an interesting article from Gmail on their inbound email statistics. Over 91% is authenticated with either DKIM or SPF.

What percentage of that is using 512-bit keys? Peter.

I saw that article too, and thought it was interesting, but I noticed something odd in their statistics: """ 91.4% of ***NON-SPAM*** emails sent to Gmail users come from authenticated senders, which helps Gmail filter billions of impersonating email messages a year from entering our users’ inboxes. More specifically, the 91.4% of the authenticated ***NON-SPAM*** emails sent to Gmail users come from senders that have adopted one or more of the following email authentication standards: DKIM (DomainKey Identified Email) or SPF (Sender Policy Framework). """ (emphasis mine) http://googleonlinesecurity.blogspot.com/2013/12/internet-wide-efforts-to-fi... So first Google runs their pretty-good-but-not-perfect spam filtering, then they look at what they're categorized as non-spam to generate those statistics. The ham (not spam) emails that are miscategorized are much more likely to be omitting SPF/DKIM, so there's a bit of selection bias occurring. Also, for what it's worth, SPF isn't related to crypto at all, and is ridiculously easy to set up for 'normal' domain admins. (That is, domain admins with a couple well-known SMTP servers, and not some crazy distributed architecture.) There's a great calculator online for it here: https://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard... There's some tricky questions people may not know the answer to, but omitting answers will only create a more _permissive_ policy, rather than run the risk of borking your email. -tom