1) Make DISCARD rejection a knob and see how it goes.
2) For ALL or just plain old DKIM signatures, use that information
as an end receiver would to make a spam/ham decision, but
otherwise pass *everything* through to the final recipient even
if they're 100% sure they broke the signature. (Forensics)
3) Always resign the message if it's possible.
The open source implementations I have do it this way. Unfortunately I
don't have any data to report from users yet.
Gee, Mike and I agree. (Alert the media!) My DISCARD knob will always
be off, of course, but I expect to use whatever data I can get to decide
what to allow through the list and what not to.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html