Mark Martinec wrote:
> myself wrote:
>> No, there currently is no way to distinguish a temporary failure
>> (e.g. a timeout due to network problems) from other DNS failures
>> in SpamAssassin's DKIM plugin.
>
> On the other hand, this isn't too bad. A DKIM validity is commonly
> associated with whitelisting or reputation, so a broken signature,
> just like a DNS service failure, only means that some negative
> score points are absent. A temporary failure need not be treated
> any differently than a missing or invalid signature.

How about the case of rejecting/scoring obviously forged senders?
I.e. "from-address = facebook.com" and "dkim verification completed,
but failed". That is a pretty good reason for a high score or a
reject, whereas "from-address = facebook.com" and "dkim verification
failed (temp DNS issue)" isn't.

/Per Jessen, Zürich
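
The distinction raised in this thread, as an added example that is not part of the original messages and not SpamAssassin's code: it assumes an upstream verifier records its outcome in an RFC 8601 Authentication-Results header, where a transient DNS problem is reported as `dkim=temperror` and a completed-but-failed check as `dkim=fail`. The sample headers, the `expects_signature` list and the verdict names are constructed for illustration.

```python
import re

# Constructed sample headers in RFC 8601 Authentication-Results form.
SAMPLES = {
    "failed": "mx.example.net; dkim=fail (body hash mismatch) header.d=facebook.com",
    "dns_timeout": "mx.example.net; dkim=temperror (DNS timeout) header.d=facebook.com",
    "good": "mx.example.net; dkim=pass header.d=facebook.com; "
            "spf=pass smtp.mailfrom=facebook.com",
    "other_signer": "mx.example.net; dkim=pass header.d=lists.example.org",
}

RESULT_RE = re.compile(r"\bdkim=(\w+)")
DOMAIN_RE = re.compile(r"\bheader\.d=([\w.-]+)")


def dkim_results(auth_results):
    """Return [(result, signing_domain)] for each dkim= clause.

    Simplified parser: assumes no ';' inside comments or quoted strings.
    """
    out = []
    for clause in auth_results.split(";")[1:]:  # first field is the authserv-id
        m = RESULT_RE.search(clause)
        if m:
            d = DOMAIN_RE.search(clause)
            out.append((m.group(1).lower(), d.group(1).lower() if d else None))
    return out


def verdict(from_domain, auth_results, expects_signature):
    """Classify a message by the DKIM outcome for its own From: domain.

    expects_signature is a hypothetical local list of domains known to sign.
    """
    from_domain = from_domain.lower()
    if from_domain not in expects_signature:
        return "no-policy"
    mine = [r for r, d in dkim_results(auth_results) if d == from_domain]
    if "pass" in mine:
        return "verified"
    if "temperror" in mine:
        return "retry-later"   # verification never completed: no penalty
    if "fail" in mine:
        return "penalize"      # verification completed and failed
    return "no-signal"         # unsigned, or signed only by another domain


if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, "->", verdict("facebook.com", header, {"facebook.com"}))
```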