1 - All mail from this domain is signed (valid).
3 - This domain sends no mail (effectively equivalent to [1]).
I don't think these two are equivalent.
Sigh. Please provide an operational example where a reciever would
treat mail differently. To help things along, here are the cases:
a) Unsigned message from domain arrives. Since there is no valid
signature, there is no relevant key record in the DNS.
b) Signed message from the domain arrives. Since there is a valid
signature, it was verified using a valid key record from the domain's
DNS.
Straightforward case analysis:
1-a: throw message away, it's forged
3-a: throw message away, it's forged
1-b: accept mail with good signature
3-b: accept mail with good signature, perhaps tell domain owner that his
SSP is bogus
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html