[opendkim-dev] Re: On-KeyNotFound option
At 13:24 26-08-2009, Murray S. Kucherawy wrote:
>I've so far opted to respond to those by temp-failing (by default)
>in case a signed message gets to a verifier before the DNS update
>happens. Negative caching eventually expires, allowing the message
>to verify later once correct propagation has occurred.
That's fine with me. The error message returned by the filter is:
451 4.3.2 Please try again later
The Enhanced code is incorrect in my opinion. 4.7.0 may be a better
fit. The "Please try again later" isn't that informative. Maybe we
should add "DKIM public key not found in DNS" or "cannot retrieve
selector._domainkey.example" to inform the sending end of the problem.
Regards,
-sm
Received on Wed Aug 26 2009 - 21:44:12 PST
This archive was generated by hypermail 2.3.0
: Mon Oct 29 2012 - 23:32:29 PST