John R. Levine wrote: >> http://www.opendkim.org/stats/report.html#l_tag >> >> You can see the count that have "l=" smaller than the final message size as >> well as the "l=0" ones, and how many of those passed or failed. >> >> That's out of 155972 signatures that used "l=", and 4.36M total signatures >> observed, in just over eight months of data. > > Hmmn. If my arithmetic is right, about 95% of l= signatures didn't cover > the whole body, and only a few of those were l=0. Your users must > subscribe to different mailing lists than I do.
of course, we don't all live in the same levine list world. What I found in a quick grep scan of ~7000 list messages: 137 used l= with some value 3 used l=0 from the same source More details: - Sorted down to 37 domains, 36 unknown, 1 known domain, - Except for 1 known, all mail from the 36 was spam, - 20 of them had the same patterns but different domains, and - the 20 used two signatures, sha1 and sha256 The collection were saved prior to verification so I don't know off hand if they failed or the actual body counts. In my network of mail, I will say, l= is used by spammers blasting list mail to their collected emails addresses to spam. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html