Indeed. Does this mean you agree that SSP only applies to unsigned
messages? (Actual non-rhetorical question.)
I would agree here, except for one consideration. It makes it possible
to trivially bypass someone's policy by inserting a completely bogus
signature in all messages claiming to be from them. If anyone has a good
suggestion for how to tell the difference between a signature broken in
transit and one just made up ...
As far as DKIM is concerned, there is no difference between a broken
signature and no signature. A message that arrives with a bogus
signature is unsigned.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html