Re: DKIM sigs started failing. - SpamAssassin


Thread: Re: DKIM sigs started failing.

  1. Re: DKIM sigs started failing.

    On 9/4/08 at 9:10 AM -0400 Michael Scheidell wrote:
    >Anyone else missing the DKIM_VERIFIED rule on legit email?


    Out of the last 249,000 emails, DKIM_VERIFIED has only hit 18 times.
    DKIM_SIGNED on the other hand has hit about 58,000 times.

    Nedry


  2. Re: DKIM sigs started failing.

    > On 9/4/08 at 9:10 AM -0400 Michael Scheidell wrote:
    >> Anyone else missing the DKIM_VERIFIED rule on legit email?
    >
    > Out of the last 249,000 emails, DKIM_VERIFIED has only hit 18 times.
    > DKIM_SIGNED on the other hand has hit about 58,000 times.
    >
    > Nedry

    All legit email?
    Something has happened. You running Mail-DKIM .32 or .31?
    --
    Michael Scheidell, CTO
    >|SECNAP Network Security

    Winner 2008 Network Products Guide Hot Companies
    FreeBSD SpamAssassin Ports maintainer




  3. Re: DKIM sigs started failing.

    Larry Nedry,
    > Out of the last 249,000 emails, DKIM_VERIFIED has only hit 18 times.
    > DKIM_SIGNED on the other hand has hit about 58,000 times.


    This is highly unusual, my stats show that overall 80% of messages
    with a DKIM or DK signature bear a valid signature, and 20% fail
    validation. (checking at MTA stage)

    The ratio varies across signing domains. For example a mail
    signed by gmail.com fails in 10% of messages, and discounting
    from this pool messages which passed through some mailing list
    a failure rate is only 0.9% for DKIM signatures of gmail.com,
    (for reasons like a 'resent' or due to failed DNS lookups).

    If you see much worse results than this, either your Mail::DKIM
    module is too old, or you use some pre-filtering appliance or some
    MTA which is garbling your mail. Checking signatures late, i.e.
    after mail delivery (by MUA or procmail or collected by fetchmail)
    is another likely reason for signature failures. It deserves
    to be investigated and fixed.

    The current version of Mail::DKIM is 0.32, the 0.31 should be
    fine too.

    Mark
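
Added example, not part of the thread and not Mail::DKIM's code: the RFC 6376 body canonicalizations and `bh=` body hash in stdlib Python, showing which in-transit changes of the kind Mark attributes to a pre-filtering appliance or MTA invalidate a signature. The function names and sample bodies are constructed for illustration, and SHA-256 with no `l=` limit is assumed.

```python
import base64
import hashlib
import re


def canon_simple(body: bytes) -> bytes:
    # RFC 6376 3.4.3: ignore empty lines at the end; end with exactly one CRLF.
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def canon_relaxed(body: bytes) -> bytes:
    # RFC 6376 3.4.4: collapse runs of space/tab to one space, strip whitespace
    # at line ends, then ignore empty lines at the end of the body.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes, canon) -> str:
    # Value a signer places in bh= (SHA-256 assumed, no l= length limit).
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()


def survives(signed: bytes, received: bytes) -> dict:
    # True where the received body still hashes to the signer's bh= value.
    return {name: body_hash(signed, fn) == body_hash(received, fn)
            for name, fn in (("simple", canon_simple), ("relaxed", canon_relaxed))}


# Constructed sample bodies (not taken from the thread).
SIGNED = b"Hello Larry,\r\n\r\nStats attached.\r\n"
IN_TRANSIT = {
    "unchanged": SIGNED,
    "extra blank lines at end": SIGNED + b"\r\n\r\n",
    "whitespace rewritten": b"Hello  Larry, \r\n\r\nStats\tattached.\r\n",
    "footer appended": SIGNED + b"--\r\nScanned by example-filter\r\n",
}

if __name__ == "__main__":
    for change, body in IN_TRANSIT.items():
        print(f"{change:26} {survives(SIGNED, body)}")
```

A body-hash mismatch is only one failure mode; header changes and the failed DNS lookups Mark also mentions are not modelled here.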

