A dkim compliant mta will do a dip on my dns records and find no ssp
or
dk record and drop the message as non compliant.
if the signature succeeds, why do they need to check ssp?
I was making an assumption that if it's the first time cox.com has hit
that mta they would get the values for both public key and ssp to cache
them locally. If a subsequent message fails cached info then a re-dip of
the zone records would either reflect new correct values or be the same
as the currently cached records and fail signature processing. I would
think that keeping a local cache would speed things up.
Bill Oxley
Messaging Engineer
Cox Communications, Inc.
Alpharetta GA
404-847-6397
bill(_dot_)oxley(_at_)cox(_dot_)com
_______________________________________________
ietf-dkim mailing list
http://dkim.org