On 09/27/2010 11:17 AM, Al Iverson wrote: > On Mon, Sep 27, 2010 at 1:05 PM, Michael Thomas<[email protected]> wrote: >> On 09/27/2010 10:58 AM, Michael Thomas wrote: >>> On 09/27/2010 10:38 AM, John R. Levine wrote: >>>>> Ignorance is bliss, I guess, especially when it comes to pontificates. >>>>> That's what every implementation of DKIM for MTA's, both open source and >>>>> commercial that I'm aware of does, though some do and don't do the ADSP >>>>> lookup. News at 11: email is still delivered, with little to no >>>>> observable >>>>> impact. >>>> >>>> It is not my impression that they all do the full DKIM validation while >>>> the SMTP session is open. Mine doesn't. >>>> >>> >>> You would be completely wrong in your impression. >>> >>> Source is your friend. >> >> Oh, I see John weaseled from "nobody does that" to the unprovable >> "not everybody does that". In any case, John is completely wrong >> with his assertion that doing DKIM/ADSP validation at SMTP time >> is somehow even vaguely untenable. It isn't. It's common as dirt. > > It's hard to imagine a large, DKIM-checking mail provider, like, say, > Yahoo, doing that mid-transaction. > > Do you have any data/insight on how to quantify "common as dirt"? I'm > doubtful of your claim without it.
Yes, I have a lot of insight. My implementation did it that way, which along with Murray's (and any other that's based off of milters), do it that way. I don't have access to Y!'s source to say for sure, but my impression from Mark and Miles is that they did it in-session and that all of our experiences were the same: it added very little overhead. I don't know why this should surprise anybody. Doing DNS lookups in-session *is* common as dirt for RBL lookups, even if the big boys have the RBL databases in-house for performance. So the only other issue with DKIM is the actual computational overhead, and Eric did some calculations that it was *maybe* 5% overhead, and that was 5 years ago -- Moore's Law only helps. So by all means, doubt away. Is there anybody else who was at the Interop who *doesn't* do DKIM in-session? It was my impression that everybody did it that way. Mike _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
