John Levine wrote:
>> What is the current recommended method to establish or expose that a
>> DOMAIN should not be signed, is not expected to be signed and that any
>> DKIM supportive receiver seeing a message with a signature from a
>> purported domain should be rejected with full confidence?
>
> That's easy: don't publish any key records. If a verifier tries to
> look up a key record for a signature that doesn't exist, it should get
> the hint.

So this is obvious fraud. NO KEY means it's not possible to sign. Therefore any signature in the message means it's a fraud, a fake. Ok, makes sense.

> By design, a broken signature is equivalent to no signature.

Yeah, that RFC 4871 anomaly "Failure Promotion to no signature" always did baffle me. It's like getting away with murder because police procedure was not followed.

--
Sincerely

Hector Santos
http://www.santronics.com

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
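
The key-lookup behaviour discussed in this exchange, as an added example that is not part of either message and not any project's code: it models only the key-retrieval step of RFC 4871 verification and shows that a signature naming a domain with no key record is dropped, leaving the message treated as unsigned. The DNS table, domains, selector and header values are constructed, and the function names are hypothetical.

```python
import re

# Constructed stand-in for DNS TXT data: one selector at example.com has a key.
# example.net publishes no key records at all (the "don't sign" case above).
KEY_RECORDS = {"sel1._domainkey.example.com": "v=DKIM1; k=rsa; p=CONSTRUCTED"}


def parse_tags(sig_value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside a value is not significant here.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def key_lookup(sig_value, dns=KEY_RECORDS):
    """Return (status, query_name) for the key lookup of one signature."""
    tags = parse_tags(sig_value)
    if "d" not in tags or "s" not in tags:
        return "PERMFAIL (signature missing required tag)", None
    # The key record lives at <selector>._domainkey.<signing domain>.
    qname = f"{tags['s']}._domainkey.{tags['d']}".lower()
    if qname not in dns:
        return "PERMFAIL (no key for signature)", qname
    return "KEY FOUND", qname


def surviving_signatures(sig_values, dns=KEY_RECORDS):
    """Signatures still eligible for cryptographic checking after key lookup.

    A signature whose key lookup fails is discarded; if none survive, the
    message is handled as if it had never been signed, not as a forgery.
    """
    return [s for s in sig_values if key_lookup(s, dns)[0] == "KEY FOUND"]


if __name__ == "__main__":
    forged = "v=1; a=rsa-sha256; d=example.net; s=sel1; bh=AAAA; b=BBBB"
    genuine = "v=1; a=rsa-sha256; d=example.com; s=sel1; bh=AAAA; b=BBBB"
    for sig in (forged, genuine):
        print(key_lookup(sig))
    print("unsigned" if not surviving_signatures([forged]) else "signed")
```

Rejecting on the missing key, as the reply proposes, would be a local policy layered on top of this result rather than something the key lookup itself decides.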