Taking a list of subscribers from a set of mailing lists (lists.cacert.org) I
found 964 unique domains.
One had dkim=all.
Two had dkim=unknown.

Looking for _ssp._domainkey records for the same subscriber domains:
one domain had "t=y; dkim=unknown" (which was one of the two that had ADSP
dkim=unknown).

Looking through the email archives of all these lists for those with a
DKIM-Signature value:
There were 24 unique d= values.

These mailing lists have been configured so they don't break Author DKIM
signatures.

Potential Conclusions:
a) this sample size isn't sufficient to draw conclusions.
b) it's too early in the process to say
c) people don't bother deploying dkim=unknown because it's pretty much the
default
d) no-one is comfortable in deploying an ADSP record (including high value
domains like paypal)
e) more domains are comfortable with DKIM-signing than verification or policy
f) people actually understand that dkim=all is harshly filtered when
signatures could break
From the WG Charter:
"Take[n] together[policy and signatures], these will assist receiving domains
in detecting (or ruling out) certain forms of spoofing as it pertains to the
signing domain."
If the policy adoption level is so low and indecisive ("unknown") how can mail
receiving domains detect spoofing on all but the ~0.1% of domains that deploy
policy other than "unknown"? Even on the ~0.1% what action can they take when
signature breaks are common?
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
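
The tally described in the message above, as an added example that is not part of the original post: it counts the dkim= practice per domain from policy TXT record strings and collects the unique d= values from DKIM-Signature headers. The function names and the example.* sample data are constructed here, and the TXT strings stand in for the results of DNS lookups.

```python
from collections import Counter
from email import message_from_string

def parse_tags(value):
    """Split a DKIM-style tag-list ("a=b; c=d") into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep and name.strip():
            # Folded header values may carry whitespace inside a value.
            tags[name.strip().lower()] = "".join(val.split())
    return tags

def tally_practices(txt_by_domain):
    """Count the dkim= value published per domain; 'none' if no record."""
    counts = Counter()
    for domain, txt in txt_by_domain.items():
        practice = parse_tags(txt).get("dkim") if txt else None
        counts[practice or "none"] += 1
    return counts

def signing_domains(raw_messages):
    """Collect unique d= values across all DKIM-Signature headers."""
    found = set()
    for raw in raw_messages:
        msg = message_from_string(raw)
        for header in msg.get_all("DKIM-Signature", []):
            d = parse_tags(header).get("d")
            if d:
                found.add(d.lower())
    return found

# Constructed sample data (example.* domains, not from the survey).
POLICY_TXT = {
    "a.example": "dkim=all",
    "b.example": "t=y; dkim=unknown",   # older _ssp-style record
    "c.example": "dkim = unknown;",
    "d.example": None,                  # no policy record published
}
ARCHIVE = [
    "From: u@a.example\nDKIM-Signature: v=1; a=rsa-sha256; d=a.example;\n"
    " s=sel; bh=AAAA; b=BBBB\nSubject: hi\n\nbody\n",
    "From: u@d.example\nSubject: unsigned\n\nbody\n",
    "From: u@b.example\nDKIM-Signature: v=1; d=B.example; s=x; b=CC==\n\nbody\n",
]

if __name__ == "__main__":
    print(dict(tally_practices(POLICY_TXT)))
    print(sorted(signing_domains(ARCHIVE)))
```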