Hector wrote:
The real interest is the total unique domains and also the changes,
i.e. how many of the 2010 ADSP = NONE domains have adopted ADSP in
2011. That will give you a better adoption rate.
Some other things to consider John.
DNS ADSP domain adoption rate is just one side. What is also important
is the DKIM verifier Enabling ADSP checking Adoption Rate.
One fact is true: Of the two popular open source DKIM API packages,
both support ADSP and are ready to go.
How implementators of these APIs have enabled ADSP checking, we don't
know.
I believe Murry indicated last year OpenDKIM has ADSP checking is OFF
out of the box. Maybe it is enabled now for his statistics work. We
use ALT-N's LIBDKIM API and we have ADSP checking enabled out of the box.
With RFC5016 (Requirements for a DKIM Signing Practices Protocol) and
the work done in RFC4686 (Analysis of Threats Motivating DKIM), there
was consensus ADSP checking make sense under two conditions:
1st party failures
3rd party signatures (valid or not)
There was a majority consensus (if not 100%), the valid 1st party
signatures did not require ADSP checking because the only reasonable
threat is an internal compromise (theft of private key). ADSP can
only help to deal with violations (faults) of policy declarations:
What to do about 1st party failures
What to do about unauthorized 3rd party signature
Maybe one interest data point would be to collect ADSP DNS queries.
That will give a snapshot of how many DKIM verifiers are checking for
ADSP.
--
HLS
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html