I recommend the following changes/new text for section 3.3. SSP Record
Syntax:
3.3. SSP Record Syntax
SSP Records MUST match the "tag-list" syntax defined in [RFC4871].
The specific tags used in SSP records are described below.
Unrecognized tags MUST be ignored.
dkim= Outbound signing practices for the domain (plain-text;
REQUIRED). Possible values are as follows:
unknown
Any domain may sign none, some, or all email.
The lack of a SSP record signifies an unknown policy which
allows any domain to sign mail on behalf of the Author domain.
There is no DKIM protocol consistency check for this
unknown policy.
optional
Only the Author Domain may sign none, some, or all email.
This policy is different from the default dkim=unknown policy
which allows for any domain to sign. The dkim=optional
policy is an optional Author Domain only signing practice.
The existence of a 3rd party signature contradicts the DKIM
protocol consistency of this explicit domain policy and
therefore the message SHOULD be rejected without prejudice.
all
All mail from the domain is signed by any domain.
A no signature message contradicts the DKIM protocol
consistency of this explicit domain policy and therefore the
message SHOULD be rejected without prejudice.
Discardable
All mail from the domain is signed with an Author Signature.
Furthermore, if a message arrives without a valid Author
Signature due to modification in transit, submission via a path
without access to a signing key, or other reason, the verifier
MUST reject the message without prejudice.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html