[ietf-dkim] Accidental versus malicious error (was: SSP assist
dotis at mail-abuse.org
Wed Dec 19 21:35:51 PST 2007
On Dec 19, 2007, at 10:06 AM, Damon wrote:
> As an operations person, I imagine that I would have a type of
> double-check. I certainly would be monitoring how many good
> signatures that I would be getting from sources that sign. If
> suddenly my average good sign for a particular site went down and my
> average bad sign went up, it would cause me to take notice and have
> a look.
In other words, you would pay attention to bogus DKIM signatures that
are wasting resources and perhaps representing an excess of spam.
Wouldn't you then also pay attention to which SMTP clients gave you
the highest number of invalid DKIM signatures? Would your filter give
credit to a message for including an invalid signature?
Once SMTP clients find they might be blocked for having issued too
many invalid DKIM signatures, they might remove invalid DKIM
signatures beforehand. Although this is in conflict with the base
specification, at least this measure ensures SMTP clients are not
associated with bad behaviours related to bogus DKIM signatures.
If, or when, DKIM signature hygiene does become a common practice, as
perhaps it should, then any invalid DKIM signature would be fairly
indicative of either older systems already listed as being DKIM
unfriendly, or newer and perhaps questionable systems behaving badly.
Weighing an invalid DKIM signature as 'implying' a message is likely
to have originated from some domain invites bad behaviour that wastes
valuable resources. Although an invalid signature should be
considered equal to no signature (as also specified in the base
specification), from the responses on this list, expect many will bet
on initial statistics and get this wrong. This does not bode well,
and could represent a sizeable loss of receiver resources.
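The per-client tracking discussed in this exchange, as an added example written for this page and not code from the thread or from any DKIM implementation: a small Python monitor that tallies pass/fail/none results per connecting SMTP client over constructed log lines, hands out reputation credit only for verified signatures (an invalid signature is treated exactly like no signature), flags clients whose share of invalid signatures exceeds an illustrative threshold, and compares each client's good-signature share against an earlier window to catch the drop Damon describes. The log line format, client addresses, domains, window contents and thresholds are all assumptions made for the example.

```python
"""Per-SMTP-client DKIM signature hygiene monitor (added example).

The log format below is an assumed, simplified MTA log: one line per
message with the connecting client's IP, the DKIM verification result
(pass / fail / none) and the d= domain of the signature, '-' if unsigned.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed earlier window: the first client signs cleanly.
BASELINE_LOG = """\
2007-12-18T10:00:01 client=192.0.2.10 dkim=pass d=example.org
2007-12-18T10:00:02 client=192.0.2.10 dkim=pass d=example.org
2007-12-18T10:00:03 client=192.0.2.10 dkim=pass d=example.org
2007-12-18T10:00:04 client=192.0.2.10 dkim=pass d=example.org
"""

# Constructed current window: one client degrades, another emits only
# broken signatures that all claim the same domain, a third never signs.
SAMPLE_LOG = """\
2007-12-19T10:06:01 client=192.0.2.10 dkim=pass d=example.org
2007-12-19T10:06:02 client=192.0.2.10 dkim=pass d=example.org
2007-12-19T10:06:03 client=192.0.2.10 dkim=fail d=example.org
2007-12-19T10:06:04 client=192.0.2.10 dkim=pass d=example.org
2007-12-19T10:06:05 client=198.51.100.7 dkim=fail d=bank.example
2007-12-19T10:06:06 client=198.51.100.7 dkim=fail d=bank.example
2007-12-19T10:06:07 client=198.51.100.7 dkim=fail d=bank.example
2007-12-19T10:06:08 client=198.51.100.7 dkim=none d=-
2007-12-19T10:06:09 client=198.51.100.7 dkim=fail d=bank.example
2007-12-19T10:06:10 client=203.0.113.5 dkim=none d=-
2007-12-19T10:06:11 client=203.0.113.5 dkim=none d=-
"""

LINE_RE = re.compile(
    r"client=(?P<client>\S+)\s+dkim=(?P<result>pass|fail|none)\s+d=(?P<domain>\S+)"
)


@dataclass
class ClientStats:
    total: int = 0
    good: int = 0        # signatures that verified
    invalid: int = 0     # signatures present but failing verification
    unsigned: int = 0    # no signature at all
    claimed: set = field(default_factory=set)  # d= names on invalid signatures


def parse_line(line):
    """Return (client, result, domain) or None for an unparseable line."""
    m = LINE_RE.search(line)
    return (m.group("client"), m.group("result"), m.group("domain")) if m else None


def tally(lines):
    """Aggregate verification results per connecting SMTP client."""
    stats = defaultdict(ClientStats)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, result, domain = parsed
        s = stats[client]
        s.total += 1
        if result == "pass":
            s.good += 1
        elif result == "fail":
            s.invalid += 1
            s.claimed.add(domain)  # remembered for forensics, never credited
        else:
            s.unsigned += 1
    return stats


def credited_domain(result, domain):
    """Domain that may receive reputation credit for a message.

    Only a verified signature earns credit. An invalid signature is treated
    exactly like no signature, so a forged d= on a broken signature cannot
    borrow that domain's standing (the 'implying' trap the post warns about).
    """
    return domain if result == "pass" else None


def invalid_rate(s):
    return s.invalid / s.total if s.total else 0.0


def good_rate(s):
    return s.good / s.total if s.total else 0.0


def flag_clients(stats, min_messages=5, max_invalid_rate=0.5):
    """Clients with enough volume to judge whose invalid share is too high.

    Thresholds are illustrative; a real deployment would tune them and
    likely rank by absolute count as well as rate.
    """
    return sorted(c for c, s in stats.items()
                  if s.total >= min_messages and invalid_rate(s) > max_invalid_rate)


def good_rate_drift(baseline, current, min_drop=0.2):
    """Clients whose good-signature share fell by at least min_drop since the
    baseline window: the 'take notice and have a look' trigger. Clients with
    no baseline are skipped rather than guessed at."""
    return sorted(c for c, s in current.items()
                  if c in baseline and good_rate(baseline[c]) - good_rate(s) >= min_drop)


if __name__ == "__main__":
    now = tally(SAMPLE_LOG.splitlines())
    print("high invalid share:", flag_clients(now))
    print("good-rate drop:", good_rate_drift(tally(BASELINE_LOG.splitlines()), now))
```

Run as a script it names 198.51.100.7 for its invalid-signature share and 192.0.2.10 for the drop from its earlier window; the `claimed` set on 198.51.100.7 records bank.example only so an operator can see which domain the broken signatures named, and `credited_domain` never returns it.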