RFC5617 has for this tag value: dkim= Outbound Signing Practices for the domain (plain-text; REQUIRED). Possible values are as follows:
unknown The domain might sign some or all email. For my A-R reporting if there an explicit DKIM=UNKNOWN record, I took this declaration to mean the domain only allows it to sign sometimes and no one else. There is no failure handling semantics unlike DKIM=DISCARDABLE, so no verifier action is done other than A-R record it. For example, this is such a reporting for a list message posted here by Alessandro with its tana.it domain. Authentication-Results: dkim.winserver.com; dkim=pass header.i=mipassoc.org header.d=mipassoc.org header.s=k00001; adsp=fail policy=unknown author.d=tana.it signer.d=mipassoc.org (unauthorized signer); The "(unauthorized signer)" was added because it was an explicit DKIM=UKKNOWN DNS record declaration. If there was no ADSP record, the adsp= info would look like this: adsp=none author.d=tana.it signer.d=mipassoc.org; Would that be a reasonable valid A-R reporting for ADSP based on my interpretation of explicit vs implicit DKIM=UNKNOWN setting? Of course, it should been labeled as DKIM=OPTIONAL because if someone went to extent to declare a record, it wouldn't be unknown what he intended. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html