-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Hector Santos
Sent: Tuesday, May 17, 2011 9:39 AM
To: Michael Thomas
Cc: dcrocker(_at_)bbiw(_dot_)net; ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] New canonicalizations
Michael Thomas wrote:
On 05/16/2011 09:39 AM, Dave CROCKER wrote:
My guess is that admins just don't understand any of the subtleties,
have heard lore that "relaxed" is "better" and just click "relaxed"
wherever they find it. It may also be the case that some implementations
don't even have separate nerd knobs for headers and body canonicalization.
Based on what I see, one SWAG is that the "good" intention people are
using the defaults or relaxed/simple, and spammers tend to use
relaxed/relaxed as the reduced restraint. By far, in my samplings,
the largest group are spammers using relaxed/relaxed.
According to what we have, the biggest users of "relaxed/relaxed" are the large
mailbox providers like Gmail and Yahoo and other legitimate senders, not
spammers. The top 20, for example:
+----------------------------------+----------+
| name | count(*) |
+----------------------------------+----------+
| gmail.com | 421745 |
| yahoo.com | 313109 |
| facebookmail.com | 233441 |
| yahoogroups.com | 104523 |
| auth.ccsend.com | 90195 |
| linkedin.com | 74710 |
| google.com | 59049 |
| reply.newsmax.com | 53286 |
| ATT.NET | 43602 |
| sbcglobal.net | 36534 |
| googlegroups.com | 34359 |
| e.groupon.com | 30350 |
| paypal.com | 24568 |
| f74d39fa044aa309eaea14b9f57fe79c | 21019 |
| emailinfo.bestbuy.com | 17067 |
| ebay.com | 16192 |
| 636ae4d78ec2b46248fc59ac1ad737df | 14580 |
| expediamail.com | 13058 |
| bellsouth.net | 12431 |
| googlemail.com | 12426 |
+----------------------------------+----------+
Total relaxed/relaxed signatures received = 3444978; total above = 1626244 (47%)
In fact, the first domain name that (statistically) looked likely to be a
spammer is way down on the list, around #106 (out of 63314), and everything
before that accounted for 58% of total signatures. So, our data don't agree
with the claim, and certainly not with "by far".
But I don't understand why this is a useful line of analysis. If spammers are
using relaxed/relaxed, they merely have the same concern as a legitimate
sender, namely signature survivability. This shouldn't be a surprise. I hope
we're not talking about the idea of filtering based on which canonicalization
is in use, which is almost certainly a bad idea.
-MSK
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html