On Tue, Jun 4, 2013 at 6:48 AM, Dave Crocker <dhc(_at_)dcrocker(_dot_)net>
wrote:
Simply publishing this draft appears to have already increase
the level of multiple FROM header field abuse seen where it is
now at 21% of signed DKIM messages.
Sounds pretty scary. No doubt the assertion is publicly
verifiable, including the basis for asserting that it is causing
problem?
Sure. Simply observe the increasing signed DKIM messages that have
multiple From:'s.
The challenge I placed was on documenting the claim. The point is to
permit community assessment of the claim.
As another data point, when Doug's claim of increased appearance of
multi-From messages surfaced, I instrumented my own MTAs to detect the same
sort of thing to see if he's right. My data don't concur with the claim;
it's still nearly zero. I will release the source code for this in an
update to OpenDKIM soon, so others can collect their own data.
-MSK