http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5485
------- Additional Comments From [EMAIL PROTECTED] 2007-06-05 16:20 ------- (In reply to comment #14) > > zero score DK/DKIM_POLICY_SIGNSOME rules > > To turn off a DNS lookup for a policy record, it is necessary > that all DKIM_POLICY_* rules are zeroed, otherwise not much > has been achieved. Yeah I'm aware of and have considered that. What was achieved was preventing DKIM_POLICY_SIGNSOME from firing on nearly every mail. It's confusing and pointless. My intention is to re-enable it as soon as Mail::DKIM provides a way to tell the difference between an actual policy and the default. The other rules, on the other hand, only trigger when there's actually a DKIM policy in place. I'd like to have them recorded for re-use in mass-checks. Disabling them by default pretty much precludes them from being re-used. > For a meager 0.001 score points there is hardly a justification for > an extra DNS lookup for almost every mail (verified mail excluded), > especially since it is done synchronously by Mail::DKIM and not > in parallel with other RBL and similar DNS lookups. If you're looking to save or justify the DNS lookups you might as well zero score DKIM_VERIFIED and DKIM_SIGNED too. With scores of +/-0.001 you're not going to be able to justify them either... or, worse, the CPU time it takes to verify the signature. This is why the whitelisting feature of the plugins (SPF/DKIM/DK) was designed to be usable with all of the DKIM/whichever rules disabled. If someone finds that they can only afford to do a DKIM/whichever lookup if it's going to be really/directly useful to them (as opposed to later potential for re-use in a scoring run or other rule development) then they can disable all of the rules and whitelisting will still work. If they're not going to use the whitelisting then they might as well just disable the plugin altogether. > If someone wants to assign more score points to DKIM_POLICY_TESTING > or to DKIM_POLICY_SIGNALL, or to make some metarule out of them, > he is welcome of course (hopefully knowing that it will cost an extra > query, with results that are only applicable to DK and not to DKIM). Conversely they're just as easily turned off. I believe that they'll become more useful when we start publishing rules that expect popular domains to be signing their mail (it'd be nice to make sure that say eBay is publishing a sign all policy so that they can unilaterally remove that policy without SA still expecting eBay to be signing their mail). ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
