[ietf-dkim] l= statistics was 23 again (sorry John) was Output
hsantos at isdg.net
Fri May 6 08:54:46 PDT 2011
John R. Levine wrote:
>> You can see the count that have "l=" smaller than the final message size as well as the "l=0" ones, and how many of those passed or failed.
>> That's out of 155972 signatures that used "l=", and 4.36M total signatures observed, in just over eight months of data.
> Hmmn. If my arithmetic is right, about 95% of l= signatures didn't cover
> the whole body, and only a few of those were l=0. Your users must
> subscribe to different mailing lists than I do.
of course, we don't all live in the same levine list world.
What I found in a quick grep scan of ~7000 list messages:
137 used l= with some value
3 used l=0 from the same source
- Sorted down to 37 domains, 36 unknown, 1 known domain,
- Except for 1 known, all mail from the 36 was spam,
- 20 of them had the same patterns but different domains, and
- the 20 used two signatures, sha1 and sha256
The collection were saved prior to verification so I don't know off
hand if they failed or the actual body counts.
In my network of mail, I will say, l= is used by spammers blasting
list mail to their collected emails addresses to spam.
Hector Santos, CTO
More information about the ietf-dkim