John R. Levine wrote:
http://www.opendkim.org/stats/report.html#l_tag
You can see the count that have "l=" smaller than the final message size as
well as the "l=0" ones, and how many of those passed or failed.
That's out of 155972 signatures that used "l=", and 4.36M total signatures
observed, in just over eight months of data.
Hmmn. If my arithmetic is right, about 95% of l= signatures didn't cover
the whole body, and only a few of those were l=0. Your users must
subscribe to different mailing lists than I do.
of course, we don't all live in the same levine list world.
What I found in a quick grep scan of ~7000 list messages:
137 used l= with some value
3 used l=0 from the same source
More details:
- Sorted down to 37 domains, 36 unknown, 1 known domain,
- Except for 1 known, all mail from the 36 was spam,
- 20 of them had the same patterns but different domains, and
- the 20 used two signatures, sha1 and sha256
The collection were saved prior to verification so I don't know off
hand if they failed or the actual body counts.
In my network of mail, I will say, l= is used by spammers blasting
list mail to their collected emails addresses to spam.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html