On Oct 4, 2004, at 12:34 PM, Seth Goodman wrote:
From: Theo Schlossnagle
Sent: Monday, October 04, 2004 7:36 AM
<...>
Regression analysis shows that implementing DomainKeys at even the
largest ISPs will require little additional equipment. For the common
case (under one million messages/day) DomainKeys doesn't even show up
on the profiling chart.

While this is true for an MTA that does nothing but transfer messages,
most MTAs have to do a lot more than that. Signing and validating RSA
signatures is an expensive matter. The Sendmail demonstration with
DomainKeys http://sendmail.net/dk-milter/benchmark/ shows that the
throughput with small messages, like most spam, was reduced to about
half.

This says that for small messages, the overhead of DomainKeys is
approximately the same as the entire email transaction without
DomainKeys.

The Sendmail tests are comparing it against a no-op milter. The point
Theo was making was that precisely because you do a lot more than just
transiting mail, those benchmarks aren't very 'real world'. Once you
add in virus/spam scanning to the mix, the additional hit of throwing
DK into the mix is very very minimal. For example, in the case of
small spam mails, your MTA should be not only running DK, but running
some spam-detection logic on the mails to identify them as spam and
reject them. That analysis will be much more costly than the DK
processing.

If all you do is transit mails, DomainKeys is a proportionately big
hit. If you do anything remotely processing-ish with your mails,
DomainKeys is a proportionately tiny hit.

George