RFC5617 has for this tag value:
dkim= Outbound Signing Practices for the domain (plain-text;
REQUIRED). Possible values are as follows:
unknown The domain might sign some or all email.
For my A-R reporting if there an explicit DKIM=UNKNOWN record, I took
this declaration to mean the domain only allows it to sign sometimes
and no one else.
There is no failure handling semantics unlike DKIM=DISCARDABLE, so no
verifier action is done other than A-R record it.
For example, this is such a reporting for a list message posted here
by Alessandro with its tana.it domain.
Authentication-Results: dkim.winserver.com;
dkim=pass header.i=mipassoc.org header.d=mipassoc.org header.s=k00001;
adsp=fail policy=unknown author.d=tana.it signer.d=mipassoc.org
(unauthorized signer);
The "(unauthorized signer)" was added because it was an explicit
DKIM=UKKNOWN DNS record declaration.
If there was no ADSP record, the adsp= info would look like this:
adsp=none author.d=tana.it signer.d=mipassoc.org;
Would that be a reasonable valid A-R reporting for ADSP based on my
interpretation of explicit vs implicit DKIM=UNKNOWN setting?
Of course, it should been labeled as DKIM=OPTIONAL because if someone
went to extent to declare a record, it wouldn't be unknown what he
intended.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html