Re: more looking at stats

From: Mark Martinec <Mark.Martinec+dkim_at_ijs.si>
Date: Fri, 18 Feb 2011 17:42:31 +0100

> > This table pretty much proves my claim (expressed on
> > various occasions) that signing the "To" is asking
> > for trouble (and brings no benefit).

Todd Lyons wrote:
> IIRC, I thought this data is skewed though by a very early bug back
> when I first started submitting stats and turned on broken sig field
> change detection. The bug caused odk to incorrectly detect which
> headers were the broken ones. Murray, can you repeat the query for
> this data but with the first month of two of (my?) data excluded?

That may well be. Regardless, the To and Cc header fields
are quite commonly munged by mailers, let alone by MUAs.
For example, sendmail has a nasty habit of 'prettifying'
the list of addresses if it doesn't fit its idea of a nice form.
Also, some mailers would append a local domain to a
non-FQDN recipient address in a To and Cc header field.

With anything beyond a simple one- or two-recipient lists
in a To header, a likelyhood of breakage is substantial.

As for the perceived benefit of a signed To, I don't see any.
Addresses in this header field are purely informational,
they don't affect mail routing or delivery, and they don't reflect
the final recipient address (e.g. with mailing lists or with Bcc).

  Mark
Received on Fri Feb 18 2011 - 16:42:41 PST