Re: [mailop] unique/shared public DKIM keys per domain?

2017-10-11 Thread Don Owens
+1 Never assume that something doesn’t matter. It all depends on what the numbers say. The selector and other fields are features that can potentially be used to predict malicious or spammy behavior. I’m not aware of such a pattern yet for selectors, but it may very well be that there will be

Re: [mailop] unique/shared public DKIM keys per domain?

2017-10-11 Thread Luis E. Muñoz via mailop
On 11 Oct 2017, at 6:31, John Stephenson wrote: FWIW, maybe 5 years ago, we were required to send a legally mandated bulk email (deserving of delivery) and when reaching out to various inbox providers, my contact at yahoo suggested that I send this effort through an existing domain, but a

Re: [mailop] unique/shared public DKIM keys per domain?

2017-10-10 Thread Benjamin BILLON via mailop
> The statement was the selectors do not have an effect on reputation, but that sometimes people believe they do because they changed the selector at the same time they changed other things. @Laura> that too; but there were clearly a possibility to say "no we don't use s= at all", it hasn't been

Re: [mailop] unique/shared public DKIM keys per domain?

2017-10-10 Thread Dave Warren
On 2017-10-10 08:20, John R Levine wrote: On Tue, 10 Oct 2017, David Hofstee wrote: Didn't Google mention they wanted the age of the keys to count in the spam score? I'll check but I would be surprised if it made much difference. I rotate my keys every month, which seems to be more often

Re: [mailop] unique/shared public DKIM keys per domain?

2017-10-10 Thread Brandon Long via mailop
Yeah, I'd echo a bunch of what Vladimir said, selectors are useful for different mail streams from the same domain, and we've played with using it for reputation (as a tuple with domain). That said, we don't want to discourage rotation, especially not anything crazy like requiring senders to ramp

Re: [mailop] unique/shared public DKIM keys per domain?

2017-10-10 Thread Laura Atkins
> On Oct 10, 2017, at 9:25 AM, Vladimir Dubrovin via mailop > wrote: > > > I can say nothing about Google, but selectors can really have indirect impact > on the reputation. > > We do not bind reputation directly to objects like domains, selectors, etc > and use dynamic

Re: [mailop] unique/shared public DKIM keys per domain?

2017-10-10 Thread Brandon Long via mailop
The *.gappssmtp.com default DKIM signatures for GSuite domains are currently all a single key, which would seem to say that we don't currently think that blending keys is a bad thing. That isn't to say it can't change in the future if there becomes a need, of course. Brandon On Mon, Oct 9, 2017

Re: [mailop] unique/shared public DKIM keys per domain?

2017-10-10 Thread Vladimir Dubrovin via mailop
I can say nothing about Google, but selectors can really have indirect impact on the reputation. We do not bind reputation directly to objects like domains, selectors, etc and use dynamic tuples instead (that is content of this tuple is flexible to better match specific mailing type), and in

Re: [mailop] unique/shared public DKIM keys per domain?

2017-10-10 Thread David Hofstee
Didn't Google mention they wanted the age of the keys to count in the spam score? Old keys tend to have a longer timeframe to get stolen I guess. Maybe a frequent key changes is an indicator of having good ops practices which result in fewer incidents? Funny enough, I have only ever met one

Re: [mailop] unique/shared public DKIM keys per domain?

2017-10-09 Thread Benjamin BILLON via mailop
Hi John, > Do you? In the way I tried to express it, yes. Gmail recently said that the selector, or the change of the selector, can have a role in their anti-spam and reputation system. Just because it's an element of the email, and that it can indicate something. It is not used for _reputation_

Re: [mailop] unique/shared public DKIM keys per domain?

2017-10-09 Thread John Levine
In article

Re: [mailop] unique/shared public DKIM keys per domain?

2017-10-09 Thread Benjamin BILLON via mailop
ISPs might consider the change of s= or key as an element being part of their reputation systems and metrics. The consequences are however unknown but very most probably negligeable. Considering that d= is the important stuff is right. Having the same public key should not have any incidence, so

Re: [mailop] unique/shared public DKIM keys per domain?

2017-10-09 Thread Maarten Oelering
To my knowledge reputation is tied to the “d=“ domain. The value of the key is irrelevant with regards to reputation. Using shared or unique key pairs is a balance between managebility and security. Maarten On Mon, 9 Oct 2017 at 19:06, Alexander Burch wrote: > Do

[mailop] unique/shared public DKIM keys per domain?

2017-10-09 Thread Alexander Burch
Do major ISP check the public DKIM key for reputation metrics? For example, an ESP might use domain1.com, domain2.com and domain3.com to sign messages for different reputation pools. If these domains all have the same public DKIM key will this "blend" their reputations in any way, namely at