> -----Original Message-----
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Hector Santos
> Sent: Tuesday, May 17, 2011 9:39 AM
> To: Michael Thomas
> Cc: dcroc...@bbiw.net; ietf-dkim@mipassoc.org
> Subject: Re: [ietf-dkim] New canonicalizations
>
> Michael Thomas wrote:
> > On 05/16/2011 09:39 AM, Dave CROCKER wrote:
> >
> > My guess is that admins just don't understand any of the subtleties,
> > have heard lore that "relaxed" is "better" and just click "relaxed"
> > wherever they find it. It may also be the case that some implementations
> > don't even have separate nerd knobs for headers and body canonicalization.
>
> Based on what I see, one SWAG is that the "good" intention people are
> using the defaults or relaxed/simple, and spammers tend to use
> relaxed/relaxed as the reduced restraint. By far, in my samplings,
> the largest group are spammers using relaxed/relaxed.

According to what we have, the biggest users of "relaxed/relaxed" are the large mailbox providers like Gmail and Yahoo and other legitimate senders, not spammers. The top 20, for example:

+----------------------------------+----------+
| name                             | count(*) |
+----------------------------------+----------+
| gmail.com                        |   421745 |
| yahoo.com                        |   313109 |
| facebookmail.com                 |   233441 |
| yahoogroups.com                  |   104523 |
| auth.ccsend.com                  |    90195 |
| linkedin.com                     |    74710 |
| google.com                       |    59049 |
| reply.newsmax.com                |    53286 |
| ATT.NET                          |    43602 |
| sbcglobal.net                    |    36534 |
| googlegroups.com                 |    34359 |
| e.groupon.com                    |    30350 |
| paypal.com                       |    24568 |
| f74d39fa044aa309eaea14b9f57fe79c |    21019 |
| emailinfo.bestbuy.com            |    17067 |
| ebay.com                         |    16192 |
| 636ae4d78ec2b46248fc59ac1ad737df |    14580 |
| expediamail.com                  |    13058 |
| bellsouth.net                    |    12431 |
| googlemail.com                   |    12426 |
+----------------------------------+----------+

Total relaxed/relaxed signatures received = 3444978; total above = 1626244 (47%)

In fact, the first domain name that (statistically) looked likely to be a spammer is way down on the list, around #106 (out of 63314), and everything before that accounted for 58% of total signatures.

So, our data don't agree with the claim, and certainly not with "by far".

But I don't understand why this is a useful line of analysis. If spammers are using relaxed/relaxed, they merely have the same concern as a legitimate sender, namely signature survivability. This shouldn't be a surprise.

I hope we're not talking about the idea of filtering based on which canonicalization is in use, which is almost certainly a bad idea.

-MSK
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html