-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Scott
Kitterman
Sent: Monday, May 23, 2011 10:12 AM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] 8bit downgrades
Do you have numbers to show that broken signatures indicate that messages
are malicious, or spam, or otherwise worse than otherwise?
None that I can share unfortunately. IME no signature is more suspicious than
a broken one (as you suggest, I think most breakage is innocent), but putting
broken and no signature into the same bucket is the most sensible and RFC
compliant way to approach it.
Interesting. I ran some queries on our data for ebay.com, paypal.com,
chase.com and bankofamerica.com. In all cases, messages with failed signatures
were never tagged by Spamassassin, and at most 7% (usually less) of unsigned
mail where the From: field contained those domains was tagged. This seems to
concur with the "most breakage is innocent" theory and also supports the notion
that treating a broken signature as equal to no signature is almost always the
right way to go.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html