As with most service providers caring about their mail hygiene, I'm very much interested in the ongoing initiatives on sender authentication.
Although the number of MSP's that are having difficulties with mail delivery due to SPF/SIDF, they are still out there. So I was actually planning to use DK(IM) in combination with SPF/SIDF verification.
The idea is to block mails that fail SPF/SIDF verification, unless the message gets a pass from DK(IM). That definetely would decrease the number of SPF/SIDF failures, due to mail forwarders..
However, when actually trying this in a live environment, it becomes clear that most service providers are still using DK, rather than DKIM. Now, I'm not willing to start any discussion about DK vs DKIM here- but I would like to understand the reasining behind IronPort not supporting any DK verification on the inbound, while supporting both DK and DKIM signing on the outbound (even simultaneously in the latest AsyncOS releases).
And yes, I know- eventually we'll all use DKIM, but that's the future; not the present.
So in other words: what's the reason for supporting DK signing, when AsyncOS does not support DK verification? :?: