Re: [exim] DKIM, Mailing-lists and signing lengths

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Ian Eiloart
Date:  
À: W B Hacker, exim users
Sujet: Re: [exim] DKIM, Mailing-lists and signing lengths


--On 18 June 2010 16:05:07 -0400 W B Hacker <wbh@???> wrote:

>
>> The presence of a good signature simply means that you can (a) apply some
>> kind of reputation assignment to the message on the basis of: (i) the
>> reputation of the signing domain, and (ii) reputations that might be
>> applied to the signed content in the context of the signing domain.
>>
>
> That is the intent, certainly. And it is an honourable - even laudable -
> intent.
>
> But the model is 'just flawed enough' to make it insufficiently reliable
> to accomplish the intended goal 'enough better' than older means to make
> it worth the not-insignificant extra effort.
>
> Enough admins realize that to decide not to bother with the added
> complexity of just-one-more leaky bandage.
>
> The resulting low takeup, in turn means exponentially lower usefulness.


"low takeup"? Last Friday, we accepted 39804 messages for delivery. Between
them they carried 12685 signatures, of which 11138 verified. That's a
verified signature for every 3.5 accepted messages. Not terribly low. Of
course the usefulness increases with increased takeup, so I'm keen to see
this spread.


> Worse yet - it attracts enough of the malicious who apply a fake DKIM sig
> that would not stand proper analysis that it behooves one to *penalize*
> all DKIM signed arrivals with spam points 'just in case' - that being
> cheaper than attempting a proper verifications that can fail.


I don't really understand what you're saying here. 87% of the signatures we
saw on Friday verified. Many of the rest were accompanied by good
signatures. Yahoo Groups emails often seem to carry a good and a bad
signature, for example.

> That is already happening, and it does not bode well for increased DKIM
> takeup.




--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/