and a great deal of potential for problems resulting from the flawed
assumption that the signature must have been valid at some point in
time, or it and its matching A-R headers would not be present.
That strikes me as more of an educational problem than a technical one.
After years of filtering based on trying to block the bad stuff, it's easy
to assume that any filtering technology has to be extremely complicated
to use, since bad guys change all the time, and good guys occasionally
change, too.
But not we're trying to recognize and accept the good stuff, so DKIM usage
boils down to two easy rules:
1) Put valid signatures on all your mail.
2) Don't send (and sign) mail that will annoy the recipients.
It is in the interest of legitimate senders to do both of these, which
means that everyone should want to sign their mail. So the solution
to broken signatures is not for receivers to do backflips trying to
guess what a broken signature might mean, it's to tell senders to be
sure there's a valid signature if they want their mail recognized.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html