>and a great deal of potential for problems resulting from the flawed >assumption that the signature must have been valid at some point in >time, or it and its matching A-R headers would not be present.
That strikes me as more of an educational problem than a technical one. After years of filtering based on trying to block the bad stuff, it's easy to assume that any filtering technology has to be extremely complicated to use, since bad guys change all the time, and good guys occasionally change, too. But not we're trying to recognize and accept the good stuff, so DKIM usage boils down to two easy rules: 1) Put valid signatures on all your mail. 2) Don't send (and sign) mail that will annoy the recipients. It is in the interest of legitimate senders to do both of these, which means that everyone should want to sign their mail. So the solution to broken signatures is not for receivers to do backflips trying to guess what a broken signature might mean, it's to tell senders to be sure there's a valid signature if they want their mail recognized. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
