[opendkim-dev] Re: On-KeyNotFound option

From: SM <sm_at_resistor.net>
Date: Wed, 26 Aug 2009 14:43:48 -0700

At 13:24 26-08-2009, Murray S. Kucherawy wrote:
>I've so far opted to respond to those by temp-failing (by default)
>in case a signed message gets to a verifier before the DNS update
>happens. Negative caching eventually expires, allowing the message
>to verify later once correct propagation has occurred.

That's fine with me. The error message returned by the filter is:

   451 4.3.2 Please try again later

The Enhanced code is incorrect in my opinion. 4.7.0 may be a better
fit. The "Please try again later" isn't that informative. Maybe we
should add "DKIM public key not found in DNS" or "cannot retrieve
selector._domainkey.example" to inform the sending end of the problem.

Regards,
-sm
Received on Wed Aug 26 2009 - 21:44:12 PST
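An added example, not part of the original message and not OpenDKIM's code: one way a verifier could build the more informative temp-fail reply suggested above. The 4.7.0 code and the wording follow the message's suggestion; the function names and the sample header are constructed, and since `s=` and `d=` come from an untrusted header they are validated before being echoed into the SMTP reply.

```python
import re

# Assumption: code and wording follow the suggestion in the message above;
# this is not the reply OpenDKIM actually sends.
TEMPFAIL_CODE = "451"
TEMPFAIL_ENHANCED = "4.7.0"

# Dot-separated DNS labels only; anything else is never echoed back.
_NAME_OK = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*")

# Constructed sample header value (folded across two lines).
SAMPLE = ("v=1; a=rsa-sha256; d=example.com; s=aug2009;\r\n"
          "\th=from:to:subject; bh=Y29uc3RydWN0ZWQ=; b=c2FtcGxl")


def parse_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Folding whitespace inside a value carries no meaning; drop it.
            tags[name.strip()] = "".join(value.split())
    return tags


def key_query_name(tags):
    """Return selector._domainkey.domain, or None if either tag is unusable."""
    selector, domain = tags.get("s", ""), tags.get("d", "")
    if not (_NAME_OK.fullmatch(selector) and _NAME_OK.fullmatch(domain)):
        return None
    name = f"{selector}._domainkey.{domain}".lower()
    return name if len(name) <= 253 else None


def key_not_found_reply(header_value):
    """Build the temp-fail reply for a signature whose key is not in DNS."""
    name = key_query_name(parse_tags(header_value))
    text = "DKIM public key not found in DNS"
    if name is not None:
        # Only a validated name is echoed; malformed values get the generic text.
        text += f": cannot retrieve {name}"
    return f"{TEMPFAIL_CODE} {TEMPFAIL_ENHANCED} {text}"


if __name__ == "__main__":
    print(key_not_found_reply(SAMPLE))
```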
