The alleged half-implemented DKIM within a domain makes no sense
whatsoever - why would a domain work really hard to maintain
thousands or millions of records, so that the spammers can continue
to forge spam from their domain with policy-assured freedom?
They won't.
The sensible solution is to dispense with all this user-signed nonsense.
It does no real good.
Domains should be free to set up as many keys as they want, and use
them however they want. If they want to set up a million keys, one
for each user, well, that's dumb in my opinion, but let them, because
it's not for me to dictate. At any rate, this will handle any odd
situations where users have a legitimate need to self-sign.
BUT: this should all be part of the standard mechansim for distributing
valid keys, and should not in any way be a special case for user
validation. It should simply be part of the selector mechanism.
tom
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html