It appears that Bill Cole <sausers-20150...@billmail.scconsult.com> said:
>Never has been safe. Terrible idea from the start. Never should have 
>been included in the specification.

Agreed.

>I was thinking of the same thing in a half-assed way, just catching 
>anything using the length tag. I'd bet that correlates to spam but we'd 
>need data to prove that.

When that blog post came out, some people I know at large providers
took a look at the DKIM signatures they were seeing. There was one ESP
that was signing their mail with l=1, but they stopped when we pointed
out what a bad idea that was. Some corporate systems that use Ironport
appliances are misconfigured to put l= with the actual body length.
I've been trying to track them down and encourage them to turn it off.

My advice is just to ignore the l= length. For the Ironport users, the
signature covers the entire body so it'll still validate. Other than
that I don't think it's a strong spam indicator but there's no reason
to try and guess whether a message with a length that doesn't cover the
full body has been modified maliciously.

R's,
John
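
An added example, not part of the original message: a Python sketch of the body-hash half of DKIM verification (RFC 6376) that ignores `l=` and always hashes the whole canonicalized body. It does not verify the `b=` signature, and `make_sig`, `example.com`, `sel1` and the sample body are constructed for illustration.

```python
import base64, hashlib, re

def parse_tags(sig):
    """Split a DKIM-Signature value (tag=value; ...) into a dict."""
    pairs = (p.split("=", 1) for p in sig.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def canon_body(body, mode):
    """RFC 6376 body canonicalization, 'simple' or 'relaxed'."""
    if mode == "relaxed":  # collapse runs of WSP, strip WSP at end of line
        body = b"\r\n".join(re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
                            for ln in body.split(b"\r\n"))
    while body.endswith(b"\r\n"):  # drop trailing empty lines
        body = body[:-2]
    return body + b"\r\n" if (body or mode == "simple") else body

def body_digest(data, algo):
    return base64.b64encode(hashlib.new(algo, data).digest()).decode()

def check_body(sig, body):
    """Body-hash check that ignores l= and always hashes the whole body."""
    tags = parse_tags(sig)
    mode = (tags.get("c", "simple").split("/") + ["simple"])[1]
    algo = "sha1" if tags.get("a", "").endswith("sha1") else "sha256"
    data = canon_body(body, mode)
    l_tag = tags.get("l")
    return {
        "l_present": l_tag is not None,
        "l_is_full_length": bool(l_tag and l_tag.isdigit() and int(l_tag) == len(data)),
        "body_hash_ok": body_digest(data, algo) == tags.get("bh"),
    }

def make_sig(body, l=None):
    """Constructed signer side: bh covers only the first l bytes when l is set."""
    data = canon_body(body, "relaxed")
    bh = body_digest(data if l is None else data[:l], "sha256")
    ltag = "" if l is None else f" l={l};"
    return f"v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;{ltag} bh={bh}; b=CONSTRUCTED"

if __name__ == "__main__":
    body = b"Quarterly report attached.\r\n"  # constructed sample body
    full = len(canon_body(body, "relaxed"))
    print(check_body(make_sig(body, l=full), body))                    # l= is the full length
    print(check_body(make_sig(body, l=full), body + b"appended\r\n"))  # text added after signing
    print(check_body(make_sig(body, l=1), body))                       # signer that used l=1
```

A signature whose `l=` equals the full body length still passes, while a message with text appended after signing, or one signed with `l=1`, fails the body hash instead of being accepted on a partial match.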
