At 11:29 PM -0700 5/2/06, Dave Crocker wrote:
When a signature fails to validate, the message should be processed as
if that signature is not present.
+1; clear simple wording that is easy to implement.
At 8:20 AM -0700 5/3/06, Douglas Otis wrote:
The process should track the number of attempts made verifying
signatures for a message. This concern differs from "as if that
signature were not present." Without a reasonable limit for the
process, DKIM verification itself can become a threat.
-1; this is an edge-case that is not worth being discussed in the
NOTE WELL: This list operates according to