> The non-dkim-compliant mta that hasn't deployed dkim yet or doesn't know much about it places a rule stating that signed messages should be allowed to travel inbound without further checking because dkim is new and safe.
non-dkim compliant, but nonetheless makes a policy decision based on the presence -- and not even the validity -- of a signature?
that sort of receive-side behavior seems sufficiently misguided that I can't imagine a need to protect against it by our work.
> A dkim compliant mta will do a dip on my dns records and find no ssp or dk record and drop the message as non compliant.
if the signature succeeds, why do they need to check ssp?

d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
ietf-dkim mailing list
http://dkim.org