>What is the current recommended method to establish or expose that a >DOMAIN should not be signed, is not expected to be signed and that any >DKIM supportive receiver seeing a message with a signature from a >purported domain should be rejected with full confidence?
That's easy: don't publish any key records. If a verifier tries to look up a key record for a signature that doesn't exist, it should get the hint. By design, a broken signature is equivalent to no signature. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
