I’ve been preaching “DKIM is great! DomainKeys is obsolete, get rid of it!” for several years now. I thought I’d take a look at my mailbox and see who was using authentication.
I’ve divided this into “Ham” and “Spam”. Spam is, well, all the spam I’ve received over the past couple of years. Ham is the non-spam mail in my inbox, whether personal, business, bulk or transactional. I’ve excluded most of the discussion mailing lists I’m on (not least because many of them consist of people in the email industry or are email standards development mailing lists, so have email authentication levels that are way outside the norm).
Most legitimate mail – between 50% and 70% – is authenticated using DKIM, but signing levels seem fairly steady, with maybe a slight upward trend. Very little spam is authenticated at all. DomainKeys usage is pretty low, and seems to be gradually declining.
The end result isn’t terribly surprising, but having hard numbers is mildly interesting.