On 23 May 2011, at 23:09, Rolf E. Sonneveld wrote:

> On 5/23/11 6:35 PM, John R. Levine wrote:
>>> In the real world signature reliability matters. If a domain signs mail
>>> as a rule then an absent or broken signature will be treated as
>>> suspicious.
>> I hope you're wrong, since that violates an explicit SHOULD in RFC 4871,
>> and in my experience, most broken signatures are due to innocent
>> modification in transit, not malice.
>> 
>> Do you have numbers to show that broken signatures indicate that messages
>> are malicious, or spam, or otherwise worse than otherwise?
> 
> SpamAssassin assigns a score of something like 0.1 for a message 
> carrying a DKIM signature and compensates that with -0.1 if the 
> signature can be verified to be correct. Effectively, this means SA is 
> penalizing broken signatures...

Barely. That's 0.1 on a default threshold of 5.0, I think.



> /rolf
> _______________________________________________
> NOTE WELL: This list operates according to 
> http://mipassoc.org/dkim/ietf-list-rules.html

-- 
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148

