--On 21 June 2010 19:12:56 -0400 W B Hacker <[email protected]> wrote:
> Ian Eiloart wrote:
>>
>> --On 18 June 2010 16:05:07 -0400 W B Hacker <[email protected]> wrote:
>>
>>>> The presence of a good signature simply means that you can (a) apply
>>>> some kind of reputation assignment to the message on the basis of: (i)
>>>> the reputation of the signing domain, and (ii) reputations that might
>>>> be applied to the signed content in the context of the signing domain.
>>>>
>>> That is the intent, certainly. And it is an honourable - even laudable
>>> - intent.
>>>
>>> But the model is 'just flawed enough' to make it insufficiently reliable
>>> to accomplish the intended goal 'enough better' than older means to make
>>> it worth the not-insignificant extra effort.
>>>
>>> Enough admins realize that to decide not to bother with the added
>>> complexity of just-one-more leaky bandage.
>>>
>>> The resulting low takeup, in turn means exponentially lower usefulness.
>>
>> "low takeup"? Last Friday, we accepted 39804 messages for delivery.
>> Between them they carried 12685 signatures, of which 11138 verified.
>> That's a verified signature for every 3.5 accepted messages. Not
>> terribly low. Of course the usefulness increases with increased takeup,
>> so I'm keen to see this spread.
>>
>>
>
> 'Pardon him, Theodotus....'
>
> Roughly 32% - just under a third. HOWEVER ... one has to wonder how close
> the experience of a University is to the 'general case'.
>
> For example - what percentage of the traffic was intra-U Sussex /
> inter-campus, or inter-U Sussex and other-UNI.

None of it was local mail. This isn't my MSA log. In general, the
traffic is from large well known service providers.

>
> Same again between/among 'major' ISP. How applicable are their
> inter/intra percentages to the wide world of medium and small senders?
>
> .. and - returning to the specific thread issue - just how many of the
> good/broken ones - regardless of sending entity size or rank - were from
> *Mailing List Manager* software?
>
>>> Worse yet - it attracts enough of the malicious who apply a fake DKIM
>>> sig that would not stand proper analysis that it behooves one to
>>> *penalize* all DKIM signed arrivals with spam points 'just in case' -
>>> that being cheaper than attempting a proper verification that can
>>> fail.
>>
>> I don't really understand what you're saying here. 87% of the signatures
>> we saw on Friday verified. Many of the rest were accompanied by good
>> signatures. Yahoo Groups emails often seem to carry a good and a bad
>> signature, for example.
>
> 13% wrong and/or 'confusing' could very well be a percentage that
> continues to track - even if the percentage signed at all were to
> approach 100%.
>
> A perfectly valid message can fail DKIM sig for any of many reasons -
> MLM's adding 'to unsubscribe...' and the like arguably fairly high up on
> the list.
>
> Hence this thread....
>
> Further, I dispute just how 'useful' it would become even at 100% take-up.
>
> Which is costly - and not necessarily to the alleged beneficiaries.
>
> IF DKIM is to have significant value, 'many' sysadmins on 'many' systems
> would have to be configured to participate - MLM's as well as MTA - even
> if their usual traffic derives no benefit.
>
> Penalizing the bystanders, so to speak. TANSTAAFL.
>
> That is tantamount to a communications tax imposed on birdsong, and I
> don't see it as collectible.
>
> At least not from the birds.
>
> ;-)
>
> *snip*
>
> Bill

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
