[dkim-ops] Test Results for various reflectors

Reposted to the list, I just realized I just responded only to Nate...

Okay. My results for every reflector listed on testing.dkim.org (withevery possible signing mode) are here (and they're DISMAL):


http://www.gushi.org/dkim-results.

Interesting notes:

blackops.org -- doesn't even seem to verify DKIM or DK, just SPF/Sender-ID.Pointless.

dk.elandsys.com -- in most results simply tells me what my policies inpublished DNS are, but says the DKIM test is "not available".

Mostly Pointless.

dkim.org -- seems to only work with allman-base-00, everything else returns abase64 error. Also seems to be running a fairly old sendmail which wouldn'thave the right libmilter to support newer versions of dkim-filter.

sendmail.net -- isn't even answering me when I send with ietf-base-00, and onthe others, not one has triggered a domainkeys response.

altn.com -- sees my DKIM passing, but my domainkeys FAILING where everythingelse passes. If this is one of the "testing" sites this makes me feel FAR lessgood about even implementing DOMAINKEYS, since four other sites can verify meand be fine and one of the TESTING SITES is broken. THIS IS BAD. In areal-world situation this would REJECT MAIL. Their MTA (MDaemon) seems to beat issue here.


Considerations:

* I signed using my address danm(_at_)prime(_dot_)gushi(_dot_)org -- if anyone thinks it wouldbe any different using gushi(_at_)gushi(_dot_)org (which also has domainkeys and a policy)let me know.

* I for a moment considered re-running these tests with dk-milter completelydisabled and only using dkim-milter, but decided against it as this is areal-world test, and the idea should be to embrace as many possiblenon-competing methods as possible, with PREFERNCE for the ability to continueto use SUPPORTED ones while the DRAFT ones work the kinks out.

* dkim.org mentions a mailing list on yahoogroups that hasn't seen a post sincelast november, and which still has not approved me for posting access.

* I am running the latest versions of all milters (dk, dkim, sid) fromsourceforge. My arguments for dkim-filter are mentioned in the methods.txtfile in each example.

* After my first try I kicked over to putting the domainkeys milter FIRST insendmail.cf, because I noted that this is how sendmail.net does it, and I'dpretty much consider them an example to work from.

* The sendmail milter can sign with three different modes, ietf-base-00,ietf-base-01, and allman-base-00. http://testing.dkim.org/reflector.htmlmentions:


allman-01
allman-00
draft-allman-01
draft allman-00

(they mention it with and without the word "draft", I am not sure if that'ssignificant)

In any case, no detail is mentioned about how these differ, unless I feel likereading the drafts (and no links are provided, even so it would be a TEDIOUSread).

(the index page stated that that site may be out of date, I'm ccing thewebmaster on this in case he'd like to remove these links).

According to http://testing.dkim.org/reflector.html some of these milters teston allman-01, which isn't even an option with dkim-milter (interesting becauseAFAIK if it's being supported by sendmail.net, it should conceivably be in themilter that THEY WROTE).

* Per nate's suggestion I've added -H to dk-filter's options -- it doesn'tseem to have helped the incidence of failures.

* Is there code out there to allow one to run their own testing reflector? Ifso, I'd like to run one myself.

* Can anyone post contact addresses for issues with these reflectors?Ideally we need more info, such as: what testing method they're using,contact address, what standards they support.

Clearly if all these reflectors are failing with the DEFAULT SIGNING MODEof dkim-milter this represents an issue.


-Dan Mahoney

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------

_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops