dkim-ops
[Top] [All Lists]

Re: [dkim-ops] Yahoo/BellSouth configuration

2009-08-27 11:46:26
Mark Martinec wrote:
   3.  If the query for the public key fails because the corresponding
       key record does not exist, the verifier MUST immediately return
       PERMFAIL (no key for signature).
[...]
   A verifier SHOULD NOT treat a message that has one or more bad
   signatures and no good signatures differently from a message with no
   signature at all; such treatment is a matter of local policy and is
   beyond the scope of this document.
  

Just to be extra clear, PERMFAIL in this context is a verifier result -- 
just an inability to verify the signature. In order to satisfy the above 
paragraph, this SHOULD NOT result in an SMTP PERMFAIL. This is different 
from a verifier TEMPFAIL, which may result in an SMTP TEMPFAIL.


I think it is plain wrong and a bug if a verifier tempfails a message
on an authoritative DNS failure.
  

Agreed.

-Jim

_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops