On 5/24/11 1:30 PM, Ian Eiloart wrote:
> On 23 May 2011, at 23:09, Rolf E. Sonneveld wrote:
>
>> On 5/23/11 6:35 PM, John R. Levine wrote:
>>>> In the real world signature reliability matters. If a domain signs mail
>>>> as a rule then an absent or broken signature will be treated as
>>>> suspicious.
>>> I hope you're wrong, since that violates an explicit SHOULD in RFC 4871,
>>> and in my experience, most broken signatures are due to innocent
>>> modification in transit, not malice.
>>>
>>> Do you have numbers to show that broken signatures indicate that messages
>>> are malicious, or spam, or otherwise worse than otherwise?
>> SpamAssassin assigns a score of something like 0.1 for a message
>> carrying a DKIM signature and compensates that with -0.1 if the
>> signature can be verified to be correct. Effectively, this means SA is
>> penalizing broken signatures...
> Barely. That's 0.1 on a default threshold of 5.0, I think.

Granted, it's a small penalty, yet it's a penalty. And also (to get back to John's question) it doesn't mean that [...] a broken signature indicate that messages are malicious, or spam [...]. It just means that in the real world there are systems, even widely used systems, which by default do not treat a message with a broken signature the same as a message with no signature at all.

/rolf

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html