Comment 4 for bug 881237

The current version gets a "KeyFormatError" exception for this and other publisher screwups. An email application can (and should) treat this differently than a signature failure - usually the same as if there were no DKIM sig at all.

For that matter, dropping mail on a DKIM sig failure would be problematic anyway because of persistent problems with MTA modifications. I recently talked to a guy who insisted that "optimizing" attachments by changing the charset and encoding to save a few bytes was a perfectly legit thing to do. If his attitude prevails, then DKIM is dead in the water. (Although that problem could be fixed by decoding all attachments and translating all charsets to UTF-8 before computing hashes - and attachments could be individually signed as well if you go to that trouble.)