[ietf-dkim] Statistics about DKIM and MIME

Rolf E. Sonneveld R.E.Sonneveld at sonnection.nl
Mon Oct 25 04:31:59 PDT 2010 

Hi, Murray,

On 10/25/10 6:21 AM, Murray S. Kucherawy wrote:
>
> OpenDKIM now has enough data to make some interesting observations 
> about signatures and MIME.
>
> As far as MIME encodings go (only the "outermost" encoding was 
> counted), there was a pretty common theme:
>
> binary failed 4% of the time
>
> quoted-printable failed 4% of the time
>
> 7bit failed 7.7% of the time
>
> base64 failed 7.8% of the time
>
> 8bit failed 14% of the time
>
> 16bit (?!) never failed (though there was only one attempt)
>
> I expected 8bit to fail more for some reason.
>

Interesting figures. Especially the 16bit ;-)

> As far as MIME parts go (again, only the "outermost" MIME type was 
> counted), most of them have about a 90-93% survival rate which is 
> about in line with general signature survival rates.
>

This still leaves the question open whether there is any relation 
between MIME labelling and -content transfer encoding, or none at all.

> The one that stands out is "multipart/signed" (from RFC1847) which 
> drops to about a 65% survival rate.
>

I'm not sure whether 'survival' is the correct term in your report. I 
assume you mean percentages of DKIM signatures that verify correctly as 
seen by the verifier? The other 7-10% of signatures can also come from 
Bad Actors who replay signatures with different content of the message. 
It is possible they arrive unchanged at the verifier and then fail 
verification, but that doesn't mean the (replayed) DKIM signature did 
not 'survive'.

> I don't know much about how this is typically formatted or treated 
> enroute, but it was easily the biggest outlier in the report.  Not 
> sure if that should be a surprise to us or not.
>

In general the fundamental question here is indeed about survival rate: 
what is the real and 'exact' percentage of messages, signed by domain 
example.com that still verifies correctly after n hops by the verifier 
where n = 1,2,3,4...

/rolf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mipassoc.org/pipermail/ietf-dkim/attachments/20101025/d55ec838/attachment.html

More information about the ietf-dkim mailing list