Murray says...
The 6% using "l=" needlessly is a red flag.
Yep. Happily, we (where "we", here, mostly means Murray, but some
others as well) are collecting stats.
I don't know that I would "red flag" it so fast. There are local policy
options that
can mitigate the damage, and the stats don't say whether or not those are in
effect.
I think I would, and here's why:
Alessandro says...
One possible answer is that the signing agents have no clue about that
mail's destination. The easiest way to configure DKIM in order to use
l= on some messages, is to enable it on _all_ messages.
I think Alessandro is right: there's likely no thought at all being
put into the use of l=. Signing software is set up to use it because
it will make the chances that the signature verifies slightly
greater... with no consideration of the consequences. Signers use it
because it's the default in the signing software, or because it's easy
to check the box to use it. No one is thinking of why it might not be
a good idea.
This is all the more reason to deprecate it as soon as is practical
(though, again, I repeat: not here and now).
Barry, as participant
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html