On Mon, Dec 1, 2008 at 11:33 PM, Murray S. Kucherawy
<msk(_at_)sendmail(_dot_)com> wrote:

> Current wisdom among [DKIM] verifier implementations is to avoid
> taking final filtering actions such as rejecting messages based on a
> "fail" result, as there are plenty of legitimate reasons a signed
> message might fail to verify. Instead, such messages should
> generally be treated as though they were not signed at all. Thus, a
> verifier MAY elect to report "neutral" in place of "fail" to
> discourage needlessly harsh reactions from downstream agents.

This seems like a bad idea to me; verifiers can always say whatever they
like but encouraging them to report less accurate information seems like a
poor choice for the long term compared to just reporting the most accurate
status. Why would we recommend verifiers "lie" instead of recommending
downstream agents to consider accepting failed signatures?
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
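
The alternative raised in the reply above, as an added example that is not part of the original message or of the quoted draft: the verifier reports the accurate result, and the downstream agent is the one that treats a failed signature like an unsigned message. It assumes the result travels in an Authentication-Results-style header; the sample header values, host names and the `downstream_decision` policy are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample header values (not taken from the thread).
ACCURATE = ("mx.example.net; dkim=fail (body hash mismatch) "
            "header.i=@example.com; spf=pass smtp.mailfrom=example.com")
SOFTENED = "mx.example.net; dkim=neutral header.i=@example.com"
UNSIGNED = "mx.example.net; dkim=none"

_COMMENT = re.compile(r"\([^()]*\)")   # simplification: non-nested comments only
_RESULT = re.compile(r"^\s*([a-z0-9-]+)\s*=\s*([a-z]+)", re.I)


def parse_results(value):
    """Return {method: result}; the first ';'-separated field is the authserv-id."""
    fields = _COMMENT.sub(" ", value).split(";")
    results = {}
    for field in fields[1:]:
        match = _RESULT.match(field)
        if match:
            # Keep the first result seen for each method.
            results.setdefault(match.group(1).lower(), match.group(2).lower())
    return results


def downstream_decision(value):
    """Hypothetical downstream policy: only 'pass' earns signed-mail treatment.
    Every other DKIM result is handled like an unsigned message and never
    rejected on that basis, but the reported result is kept for diagnostics."""
    dkim = parse_results(value).get("dkim", "none")
    return {"treat_as_signed": dkim == "pass",
            "reject": False,
            "recorded_dkim": dkim}


def failure_report(values):
    """Count reported DKIM results, e.g. to spot a sender whose signatures break."""
    return Counter(downstream_decision(v)["recorded_dkim"] for v in values)


if __name__ == "__main__":
    for header in (ACCURATE, SOFTENED, UNSIGNED):
        print(downstream_decision(header))
    print(failure_report([ACCURATE, ACCURATE, SOFTENED, UNSIGNED]))
```

With the accurate header the message is delivered exactly as an unsigned one would be, yet the failure still shows up in the report; with the softened header the same failure is indistinguishable from any other "neutral".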