What is the current recommended method to establish or expose that a
DOMAIN should not be signed, is not expected to be signed and that any
DKIM supportive receiver seeing a message with a signature from a
purported domain should be rejected with full confidence?

That's easy: don't publish any key records. If a verifier tries to
look up a key record for a signature that doesn't exist, it should get
the hint.

By design, a broken signature is equivalent to no signature.

R's,
John
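
The key-retrieval step described in the reply above, as an added example that is not part of the original message or of any DKIM implementation. The zone contents, selectors and signature values are constructed, and the dictionary stands in for a real DNS TXT query. It goes slightly beyond the message by also covering a revoked key (empty p=), which RFC 6376 treats as a permanent failure too.

```python
import re

# Constructed stand-in for DNS TXT data; a real verifier would query DNS.
# example.com publishes a key, example.net publishes none,
# example.org publishes a revoked key (empty p=).
ZONE = {
    "sel1._domainkey.example.com": "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB",
    "old._domainkey.example.org": "v=DKIM1; p=",
}

def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def key_lookup(sig_header, zone=ZONE):
    """Return (status, detail) for the key-retrieval step only.

    "key-found" means the key exists, not that the signature verified.
    """
    sig = parse_tags(sig_header)
    if "d" not in sig or "s" not in sig:
        return ("permfail", "signature missing d= or s=")
    qname = f"{sig['s']}._domainkey.{sig['d']}".lower()
    record = zone.get(qname)
    if record is None:
        # No key record published: permanent failure for this signature.
        return ("permfail", f"no key record at {qname}")
    if parse_tags(record).get("p", "") == "":
        return ("permfail", f"empty or missing p= at {qname} (revoked or unusable key)")
    return ("key-found", qname)

def effective_signatures(sig_headers, zone=ZONE):
    """Signatures that survive key retrieval; the rest count as if absent."""
    return [h for h in sig_headers if key_lookup(h, zone)[0] == "key-found"]

# Constructed DKIM-Signature values (b= and bh= are placeholders).
SAMPLE = [
    "v=1; a=rsa-sha256; d=example.net; s=mail; bh=AAAA; b=AAAA",
    "v=1; a=rsa-sha256; d=example.org; s=old; bh=AAAA; b=AAAA",
]
```

With SAMPLE as input, effective_signatures returns an empty list, so the message is evaluated exactly as an unsigned one would be.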