[ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs
iane at sussex.ac.uk
Tue Sep 28 04:24:43 PDT 2010
--On 27 September 2010 11:39:43 -0700 Dave CROCKER <dhc at dcrocker.net> wrote:
> On 9/27/2010 11:04 AM, Murray S. Kucherawy wrote:
>>> From: ietf-dkim-bounces at mipassoc.org [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of John R. Levine
>>> It is not my impression that they all do the full DKIM validation while
>>> the SMTP session is open. Mine doesn't.
>> The milter-based ones like OpenDKIM and dkim-milter do.
> It's been a significant revelation, for me, to realize how common it is
> for DKIM processing to occur during the SMTP session.
> So SMTP issues reduce to finding ways of preventing the cross-net
> transfer of data or even of preventing the SMTP session. Oddly, I think
> the latter is more feasible than the former.
Actually, it's not the traffic that I see as the problem. It's the amount
of processing that is performed on the body of the message. We already use
SpamAssassin and ClamAV on every message that we accept, and that's way
more effort than a DKIM verification.
However, with Spamhaus' new DKIM/domain and IP whitelists, I expect to be
able to reduce the SpamAssassin scanning (we'd never fail to use ClamAV),
once we have confidence in the whitelists. Therefore, I expect to be able
to reduce the load on our hosts when good DKIM signatures are present.
For domains like gmail.com, I'm considering working on rate-limiting by
author address. Of course, the rate limit would be different for a message
with a dkim pass.
IT Services, University of Sussex
For new support requests, see http://www.sussex.ac.uk/its/help/