There is a trivial mechanism that can cut down SSP lookups to almost
nothing: don't query domains from which you've never received a valid
DKIM signature.
My network gets tons of fake mail from HSBC UK and no real mail from
them since none of my North American users have an account there. How
would I be able to tell that it should have been signed?
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html