DKIM Statistics

In v2.1.0, OpenDKIM introduced comprehensive statistics gathering package included as an option. If enabled, it logged to a local database information about the DKIM properties of every message that the filter sees, including those that weren't even signed.

The purpose of this statistics gathering was twofold:

  1. To gather statistics you could use to analyze what you're seeing at your site in terms of signed messages, unsigned messages, messages that fail verification, multiply-signed messages, third-party signatures, etc.
  2. To submit the above statistics, with most of the identifiable properties hidden if you wish, back to The Trusted Domain Project so we can measure DKIM's deployment, level of activity and general effectiveness, and possibly identify specific problem areas or interesting patterns.

The data we collected were used to create the RFC4871 Implementation Report in support of the efforts of the DKIM Working Group at the IETF to advance DKIM to Draft Standard status. The Working Group expresses its thanks to those that participated!

In v2.5.0, much of this mechanism is being stripped down as a lot of the data collected back then is no longer needed. Instead, a reduced data set is being collected in support of research toward producing a DKIM-based domain reputation system. This system can be used to develop localized reputation based only on your own observations about what is acceptable mail and what is not, or you can submit it back to The OpenDKIM Project to collaborate in the research and development of this system, and benefit from it as it evolves.

You are not required to participate. In fact, it is necessary to provide a specific build-time option just to get the statistics stuff compiled in (and the filter works just fine without doing so), and then you'd need to take specific additional actions to submit the data back to The OpenDKIM Project. The data submitted will identify you as the submitter, and the From: domain and the signing domain(s) of the mail it records will be revealed, but no content or recipient information will be returned to The Trusted Domain Project. Since the source code is open, you can confirm this for yourself.

If you are interested in experimenting with the statistics features or learning more, download v2.2.0 or later and look at the README file in the stats directory.

Please submit any questions about this effort to the opendkim-users mailing list.

The latest auto-generated report based on submitted data can be found here.