OK a new point, the SSP requirements need to be addressed to different audiences:
1) Authors of software 2) Operators of software. It seems to me that a lot of points here are only discussing the second and thus we end up with more heat than light as there is considerably greater variation in operational situations than many expect. The specification is going to be written primarily for the authors of the software rather than operators. So many times a MUST is going to be 'a compliant DKIM verifier MUST allow configuration X'. I think it is reasonable to state that a compliant package MUST NOT reject verification failures out of hand. Whether that is possible is another issue since it is a policy issue and MUST is generally reserved for interface compatibility issues. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html