Is it a tool for the SMTP server to reject messages from SMTP clients that
are doing something unauthorized? Is it a tool for post-acceptance
filtering and routing in the MDA? Is it a tool meant to give MUAs
information to display to end users?
In my implementation, the SMTP server does all the DKIM checking and either
rejects the message outright or documents the results in an AR header.
Assuming the message isn't rejected, my MTA router code, which invokes my
filters, add/subtracts from the heuristic scoring, etc based on what it
finds in the AR header. Finally, under precise conditions my web-based MUA
will display a notice along the lines of what Yahoo is doing. This also is
triggered by the AR header. The key for me is to do the DKIM checking
during the SMTP session and document the results in an AR header for use
later down the processing chain (MTA/MUA) - this is just how my particular
implementation does it, your mileage may vary :)
--
Arvel
_______________________________________________
ietf-dkim mailing list
http://dkim.org