Ian Eiloart wrote:
>
> --On 18 June 2010 16:05:07 -0400 W B Hacker <[email protected]> wrote:
>
>>> The presence of a good signature simply means that you can (a) apply some
>>> kind of reputation assignment to the message on the basis of: (i) the
>>> reputation of the signing domain, and (ii) reputations that might be
>>> applied to the signed content in the context of the signing domain.
>>>
>> That is the intent, certainly. And it is an honourable - even laudable -
>> intent.
>>
>> But the model is 'just flawed enough' to make it insufficiently reliable
>> to accomplish the intended goal 'enough better' than older means to make
>> it worth the not-insignificant extra effort.
>>
>> Enough admins realize that to decide not to bother with the added
>> complexity of just-one-more leaky bandage.
>>
>> The resulting low takeup, in turn means exponentially lower usefulness.
>
> "low takeup"? Last Friday, we accepted 39804 messages for delivery. Between
> them they carried 12685 signatures, of which 11138 verified. That's a
> verified signature for every 3.5 accepted messages. Not terribly low. Of
> course the usefulness increases with increased takeup, so I'm keen to see
> this spread.
>
>

'Pardon him, Theodotus....'

Roughly 32% - just under a third.

HOWEVER ... one has to wonder how close the experience of a University is to the
'general case'.

For example - what percentage of the traffic was intra-U Sussex / inter-campus,
or inter-U Sussex and other-UNI.

Same again between/among 'major' ISP.

How applicable are their inter/intra percentages to the wide world of medium and
small senders?

.. and - returning to the specific thread issue - just how many of the
good/broken ones - regardless of sending entity size or rank - were from
*Mailing List Manager* software?

>> Worse yet - it attracts enough of the malicious who apply a fake DKIM sig
>> that would not stand proper analysis that it behooves one to *penalize*
>> all DKIM signed arrivals with spam points 'just in case' - that being
>> cheaper than attempting a proper verification that can fail.
>
> I don't really understand what you're saying here. 87% of the signatures we
> saw on Friday verified. Many of the rest were accompanied by good
> signatures. Yahoo Groups emails often seem to carry a good and a bad
> signature, for example.

13% wrong and/or 'confusing' could very well be a percentage that continues to
track - even if the percentage signed at all were to approach 100%.

A perfectly valid message can fail DKIM sig for any of many reasons - MLM's
adding 'to unsubscribe...' and the like arguably fairly high up on the list.

Hence this thread....

Further, I dispute just how 'useful' it would become even at 100% take-up.

Which is costly - and not necessarily to the alleged beneficiaries.

IF DKIM is to have significant value, 'many' sysadmins on 'many' systems would
have to be configured to participate - MLM's as well as MTA - even if their
usual traffic derives no benefit. Penalizing the bystanders, so to speak.

TANSTAAFL.

That is tantamount to a communications tax imposed on birdsong, and I don't see
it as collectible. At least not from the birds.
;-)

*snip*

Bill

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
