Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joi

--On 27 September 2010 11:39:43 -0700 Dave CROCKER 
<dhc(_at_)dcrocker(_dot_)net> wrote:

> On 9/27/2010 11:04 AM, Murray S. Kucherawy wrote:
> > > From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-
> > > bounces(_at_)mipassoc(_dot_)org] On Behalf Of John R. Levine
> ...
> > > It is not my impression that they all do the full DKIM validation while
> > > the SMTP session is open.  Mine doesn't.
> > The milter-based ones like OpenDKIM and dkim-milter do.
>
> It's been a significant revelation, for me, to realize how common it is
> for DKIM  processing to occur during the SMTP session.
>
> So SMTP issues reduce to finding ways of preventing the cross-net
> transfer of  data or even of preventing the SMTP session.  Oddly, I think
> the latter is more  feasible than the former.
Actually, it's not the traffic that I see as the problem. It's the amount 
of processing that is performed on the body of the message. We already use 
SpamAssassin and ClamAV on every message that we accept, and that's way 
more effort than a DKIM verification.

However, with Spamhaus' new DKIM/domain and IP whitelists, I expect to be 
able to reduce the SpamAssassin scanning (we'd never fail to use ClamAV), 
once we have confidence in the whitelists. Therefore, I expect to be able 
to reduce the load on our hosts when good DKIM signatures are present.

For domains like gmail.com, I'm considering working on rate-limiting by 
author address. Of course, the rate limit would be different for a message 
with a dkim pass.


-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html