On 05/25/2011 01:05 AM, Murray S. Kucherawy wrote:
Interesting. I ran some queries on our data for ebay.com, paypal.com,
chase.com and bankofamerica.com. In all cases, messages with failed
signatures were never tagged by Spamassassin, and at most 7% (usually less)
of unsigned mail where the From: field contained those domains was tagged.
This seems to concur with the "most breakage is innocent" theory and also
supports the notion that treating a broken signature as equal to no signature
is almost always the right way to go.
Heuristic based systems like SA are subject to the phases of the moon
with respect to what they find valuable and for how long. If they find
it useful to educe something from DKIM or lack thereof, more power to
them. Heck, if they just used the signature header pattern to determine
spam from ham for different senders, that would be cool too. This is not
in conflict from the statement that _cryptographically_ a broken signature
is no different than a missing signature. SA and its ilk just don't operate
on the plane of mathematical provables is all; nothing wrong with that.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html