> -----Original Message-----
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Scott Kitterman
> Sent: Monday, May 23, 2011 10:12 AM
> To: ietf-dkim@mipassoc.org
> Subject: Re: [ietf-dkim] 8bit downgrades
>
> > Do you have numbers to show that broken signatures indicate that messages
> > are malicious, or spam, or otherwise worse than otherwise?
>
> None that I can share unfortunately. IME no signature is more suspicious than
> a broken one (as you suggest, I think most breakage is innocent), but putting
> broken and no signature into the same bucket is the most sensible and RFC
> compliant way to approach it.

Interesting. I ran some queries on our data for ebay.com, paypal.com, chase.com and bankofamerica.com. In all cases, messages with failed signatures were never tagged by SpamAssassin, and at most 7% (usually less) of unsigned mail where the From: field contained those domains was tagged. This seems to concur with the "most breakage is innocent" theory and also supports the notion that treating a broken signature as equal to no signature is almost always the right way to go.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
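
The kind of measurement described in the reply above can be reproduced on one's own mail with a short script. This is an added example, not part of the original message and not the poster's method: it assumes the local verifier stamps Authentication-Results with the authserv-id `mx.example.net`, that SpamAssassin's verdict is carried in `X-Spam-Flag`, and it runs on constructed sample messages.

```python
import email
import email.utils
import re
from collections import Counter

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of our own verifier
DOMAINS = {"ebay.com", "paypal.com", "chase.com", "bankofamerica.com"}
DKIM_RE = re.compile(r";\s*dkim=([a-z]+)", re.I)
AR = "Authentication-Results: "

# Constructed sample messages (not real traffic).
SAMPLES = [
    "From: a@paypal.com\n" + AR + "mx.example.net; dkim=pass header.d=paypal.com\nX-Spam-Flag: NO\n\n",
    "From: a@paypal.com\n" + AR + "mx.example.net; dkim=fail header.d=paypal.com\nX-Spam-Flag: NO\n\n",
    "From: b@chase.com\n" + AR + "mx.example.net; dkim=none\nX-Spam-Flag: YES\n\n",
    "From: b@chase.com\n" + AR + "mx.example.net; dkim=none\nX-Spam-Flag: NO\n\n",
    # Header stamped by an untrusted host: ignored, so the message counts as unsigned.
    "From: c@ebay.com\n" + AR + "other.example.org; dkim=pass header.d=ebay.com\nX-Spam-Flag: YES\n\n",
    "From: d@example.org\n" + AR + "mx.example.net; dkim=fail header.d=example.org\nX-Spam-Flag: YES\n\n",
]

def dkim_result(msg, authserv=TRUSTED_AUTHSERV):
    """Return 'pass', 'fail' (any non-pass verdict on a signature) or 'none'."""
    results = []
    for hdr in msg.get_all("Authentication-Results", []):
        server = (hdr.split(";", 1)[0].split() or [""])[0].lower()
        if server == authserv:  # only trust results our own verifier added
            results += [r.lower() for r in DKIM_RE.findall(hdr)]
    if "pass" in results:
        return "pass"
    return "fail" if any(r != "none" for r in results) else "none"

def tag_rates(raw_messages, domains=DOMAINS):
    """Map DKIM bucket -> (tagged, total) for mail whose From: domain is in domains."""
    tagged, total = Counter(), Counter()
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        addr = email.utils.parseaddr(msg.get("From", ""))[1]
        if addr.rpartition("@")[2].lower() not in domains:
            continue
        bucket = dkim_result(msg)
        total[bucket] += 1
        tagged[bucket] += msg.get("X-Spam-Flag", "").strip().upper() == "YES"
    return {b: (tagged[b], total[b]) for b in total}

def policy_view(result):
    """Broken and missing signatures share one bucket, as the thread recommends."""
    return "signed" if result == "pass" else "unsigned"

if __name__ == "__main__":
    for bucket, (hit, n) in sorted(tag_rates(SAMPLES).items()):
        print(f"{bucket:5} -> {policy_view(bucket):8} tagged {hit}/{n}")
```

Keeping the `fail` and `none` counts separate in the report while `policy_view` merges them for handling lets an operator check on their own traffic whether the two buckets really behave alike.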