Glen Carreras wrote: > Hello, > > I have searched through the archives and, although I did find a rather > lengthy thread about DK, I didn't find my specific answer. Hopefully > someone here can help me out. I've enabled the DK plugin (and applied > the patch) and for the most part, I believe DK is working but, the > following two headers confuse me as they appear to be conflicting > statements. Are these normal or do I perhaps have something > mis-configured somewhere? > > * 0.0 DK_SIGNED Domain Keys: message has an unverified signature > * -0.0 DK_VERIFIED Domain Keys: signature passes verification
>From looking at the domainkeys plugin, that's normal, and the description is a bit misleading. DK_SIGNED means the message is signed. Period. The follow-on text is trying to explain that DK_SIGNED has not verified the signature, it has merely detected one is present, so the signature may or may not be valid. DK_VERIFIED means the signature passed verification. Based on the code, this will never happen unless the message also matches DK_SIGNED.