The non dkim compliant mta who hasn't deployed dkim yet or knowing much
about it places a rule stating that signed messages should be allowed to
travel inbound without further checking because dkim is new and safe.
non-dkim compliant, but nonetheless makes a policy decision based on the
presence -- and not even the validity -- of a signature?
that sort of receive-side behavior seems sufficiently misguided that I can't
imagine a need to protect against it by our work.
A dkim compliant mta will do a dip on my dns records and find no ssp or
dk record and drop the message as non compliant.
if the signature succeeds, why do they need to check ssp?
d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
ietf-dkim mailing list
http://dkim.org