[ietf-dkim] Statistics about DKIM and MIME

Murray S. Kucherawy msk at cloudmark.com
Mon Oct 25 10:01:29 PDT 2010


> -----Original Message-----
> From: John R. Levine [mailto:johnl at iecc.com]
> Sent: Monday, October 25, 2010 8:07 AM
> To: Murray S. Kucherawy
> Cc: ietf-dkim at mipassoc.org
> Subject: Re: [ietf-dkim] Statistics about DKIM and MIME
> 
> > The one that stands out is "multipart/signed" (from RFC1847) which drops
> > to about a 65% survival rate.  I don't know much about how this is
> > typically formatted or treated en route, but it was easily the biggest
> > outlier in the report.  Not sure if that should be a surprise to us or not.
> 
> I'm surprised.  That suggests something often adds the S/MIME signature
> after the DKIM signature, but as far as I know, S/MIME signatures are
> usually applied by the MUA.
> 
> Do the stats say what kind of failure it was, e.g. body hash or header
> hash?

Actually it's worse than I said originally.  We track pass/fail in two bits, one being whether or not the crypto lined up and the other being whether or not the body hashes matched.  Thus, it's possible to get a "pass" coupled with a body hash change.  I had only selected for the first bit.

So here are the stats again.  The first column is obviously the media type; the second is the count of signatures covering a message with that type as the outermost MIME part; the third column is the number of those that passed in both the crypto and the body hash sense, and the fourth is the pass percentage.

application/ms-tnef               26      23      88.5%
application/pdf                   16      16      100%
message/disposition-notification  10      10      100%
message/rfc822                    2       2       100%
multipart/alternative             290865  265270  91.2%
multipart/mixed                   38509   35370   91.8%
multipart/related                 7959    7149    89.8%
multipart/report                  958     883     92.2%
multipart/signed                  314     86      27.4%
text                              13      13      100%
text/calendar                     34      32      94.1%
text/html                         63144   55880   88.5%
text/plain                        72195   55415   76.8%

In the particular case of multipart/signed there were 106 messages where the RSA verification failed, but 122 where it passed but the body hash at the verifier didn't match the one in the signature.  So more failures occur from body changes than do from header changes.
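
The two bits described in the message, as an added Python example (not part of the original post and not the code that produced these statistics): it recomputes the bh= body hash using RFC 6376 body canonicalization and reports it separately from the RSA result. Assumptions: rsa_ok is supplied by the caller, the l= tag is not handled, and the function names, sample bodies and header value are constructed for illustration.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, alg: str) -> bytes:
    """RFC 6376 section 3.4 body canonicalization: "simple" or "relaxed"."""
    lines = body.split(b"\r\n")
    if alg == "relaxed":
        # Collapse runs of WSP to one SP and drop WSP at the end of each line.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # empty lines at end of body are ignored
        lines.pop()
    out = b"".join(ln + b"\r\n" for ln in lines)
    # An empty body hashes as a lone CRLF under "simple", as nothing under "relaxed".
    return out or (b"\r\n" if alg == "simple" else b"")

def parse_tags(header_value: str) -> dict:
    """Split a DKIM-Signature tag list into {tag: value}, removing folding whitespace."""
    tags = {}
    for item in header_value.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def body_hash(body: bytes, tags: dict) -> str:
    """Recompute bh= from the received body using the signature's a= and c= tags."""
    hash_name = tags["a"].split("-")[1]  # "rsa-sha256" -> "sha256"
    parts = tags.get("c", "simple/simple").split("/")
    body_alg = parts[1] if len(parts) > 1 else "simple"  # body part defaults to simple
    digest = hashlib.new(hash_name, canon_body(body, body_alg)).digest()
    return base64.b64encode(digest).decode()

def classify(header_value: str, body: bytes, rsa_ok: bool) -> tuple:
    """Return (crypto bit, body-hash bit, label); rsa_ok is supplied by the caller."""
    tags = parse_tags(header_value)
    bh_ok = body_hash(body, tags) == tags["bh"]
    if rsa_ok and bh_ok:
        return rsa_ok, bh_ok, "pass"
    return rsa_ok, bh_ok, "verified, body changed" if rsa_ok else "signature failed"

# Constructed sample bodies: as signed, with whitespace rewritten, with a footer added.
SIGNED = b"--b1\r\nContent-Type: text/plain\r\n\r\nhello  world\r\n--b1--\r\n"
REWRAPPED = SIGNED.replace(b"hello  world", b"hello world \t") + b"\r\n"
FOOTER = SIGNED + b"-- \r\nconstructed list footer\r\n"
def make_header(canon: str) -> str:
    """Build a constructed DKIM-Signature value whose bh= covers SIGNED (b= omitted)."""
    bh = body_hash(SIGNED, {"a": "rsa-sha256", "c": canon})
    return f"v=1; a=rsa-sha256; c={canon};\r\n\tbh={bh}; b=placeholder"
```

With a relaxed body canonicalization the whitespace-only rewrite still matches bh=, while the same rewrite under simple, or an appended footer under either, gives the "verified, body changed" outcome.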