From: George Schlossnagle
Sent: Monday, October 04, 2004 2:00 PM
<...>
The sendmail tests are comparing it against a no-op milter. The point
Theo was making was that precisely because you do a lot more than just
transiting mail, those benchmarks aren't very 'real world'. Once you
add in virus/spam scanning to the mix, the additional hit of throwing
DK into the mix is very very minimal. For example, in the case of
small spam mails, your mta should be not only running DK, but running
some spam-detection logic on the mails to identify them as spam and
reject them. That analysis will be much more costly than the DK
processing.
If all you do is transit mails, Domain Keys is a proportionately big
hit. If you do anything remotely processing-ish with your mails,
Domain Keys is a proportionately tiny hit.
If after all this work on authentication and reputation systems, we can't
reduce the number of messages we run through SpamAssassin or a Bayesian
classifier, what will we have accomplished? Presumably, if these approaches
are worth anything, they will allow us to reject more spam without running
content filters than we do now. That means that the MTA will authenticate
lots of messages and content filter relatively few. To the extent that we
are successful, the cost of authentication is important.
--
Seth Goodman