[opendkim-dev] Re: On-KeyNotFound option

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Wed, 26 Aug 2009 13:24:36 -0700

> -----Original Message-----
> From: opendkim-dev-bounce_at_lists.opendkim.org [mailto:opendkim-dev-
> bounce_at_lists.opendkim.org] On Behalf Of SM
> Sent: Wednesday, August 26, 2009 12:34 PM
> To: opendkim-dev_at_lists.opendkim.org
> Subject: [opendkim-dev] On-KeyNotFound option
>
> [...]
>
> I'll elaborate on a different case. Let's say I take one of your
> DKIM-Signature headers, change the selector and append it to a
> message. Is that a bad signature or a DNS "error"?

I've so far opted to respond to those by temp-failing (by default) in case a signed message gets to a verifier before the DNS update happens. Negative caching eventually expires, allowing the message to verify later once correct propagation has occurred.
Received on Wed Aug 26 2009 - 20:24:55 PST
