Instead of only whitelisting by DKIM success, why not also blacklist by DKIM failure or IP address reputation?
I wouldn't do anything with DKIM failure at this point, since there are way too many reasons that legit mail could arrive with a valid signature.
Whitelisting DKIM sigs from people you know and white and blacklisting of IPs with particularly good and bad histories should work well.
R's, John _______________________________________________ DCC mailing list [email protected] http://www.rhyolite.com/mailman/listinfo/dcc
