If I sign mail with a private key which does not have a corresponding public key in the DNS, is this worse (for deliverability) than not signing the message at all?
I know it will be down to the receiving mail server, which can implement any rules it likes, but I was hoping there is general guidance about this.
The reason I'm asking is that I'll control the signing of some mail, but I can't be sure if/when the person who's responsible for updating the DNS records will do their job. If I just set up my end (the signing) and they don't get around to adding the DNS record for ages, is that a huge problem?
Best Answer
According to RFC 6376:
So it may vary based on receiving server configuration, but probably most will not mark it as spam, especially if there are otherwise valid SPF and DMARC records and other indicators of a valid sender (IP address reputation, domain reputation, etc.).
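As an added example (not part of the question or the answer above), the following Python script applies the public-key lookup rules of RFC 6376 section 6.1.2 to a DKIM-Signature header: it derives the `<selector>._domainkey.<domain>` name a verifier queries and reports what the verifier returns when the record is absent (PERMFAIL, no key for signature), unreachable (TEMPFAIL, key unavailable), revoked (empty p=), malformed, mismatched to the signing algorithm, or published with the t=y testing flag. The domain, selectors, zone contents and signature values are constructed placeholders; the resolver is injected so the script runs offline, and it stops at the key-lookup step without checking the signature bytes.

```python
"""Classify the DKIM key-lookup outcome for a signature, per RFC 6376 s6.1.2.
Added example for this Q&A page; not code from the original post. Zone data,
selectors and signature values below are constructed placeholders."""
import re


class DnsTempError(Exception):
    """Raised by a resolver when the query itself fails (timeout, SERVFAIL)."""


# Constructed zone: query name -> TXT strings. Names not present mean NXDOMAIN.
# The p= values are placeholders, not real RSA public keys.
SAMPLE_ZONE = {
    "mail2024._domainkey.example.com": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOC"],
    "testing._domainkey.example.com":  ["v=DKIM1; k=rsa; t=y; p=MIIBIjANBgkqhkiG9w0BAQEFAAOC"],
    "revoked._domainkey.example.com":  ["v=DKIM1; k=rsa; p="],
    "broken._domainkey.example.com":   ["this is not a key record"],
}


def sample_signature(selector="mail2024", algorithm="rsa-sha256"):
    """Constructed DKIM-Signature header value; bh= and b= are placeholders."""
    return ("v=1; a=%s; c=relaxed/relaxed; d=example.com; s=%s; "
            "h=from:to:subject:date; bh=ZmFrZWhhc2g=; b=ZmFrZXNpZw==" % (algorithm, selector))


def parse_tags(text):
    """Parse a DKIM tag=value list (RFC 6376 s3.2) into a dict; whitespace
    inside values is dropped, which is permitted for the base64 tags used here."""
    tags = {}
    for item in text.split(";"):
        item = item.strip()
        if not item:
            continue
        name, sep, value = item.partition("=")
        if not sep or not name.strip():
            raise ValueError("malformed tag: %r" % item)
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def key_query_name(sig):
    """The TXT name a verifier queries: <selector>._domainkey.<signing domain>."""
    return "%s._domainkey.%s" % (sig["s"], sig["d"])


def zone_resolver(name):
    """Offline stand-in for a TXT lookup against SAMPLE_ZONE."""
    return SAMPLE_ZONE.get(name, [])


def timeout_resolver(name):
    """Resolver that models a DNS outage, to exercise the TEMPFAIL path."""
    raise DnsTempError("query for %s timed out" % name)


def classify_key_lookup(signature_header, resolve=zone_resolver):
    """Return (result, detail) for the key-lookup step of verification."""
    try:
        sig = parse_tags(signature_header)
    except ValueError:
        return "PERMFAIL", "signature syntax error"
    if sig.get("v") != "1" or "d" not in sig or "s" not in sig:
        return "PERMFAIL", "signature syntax error"
    try:
        records = resolve(key_query_name(sig))
    except DnsTempError as exc:
        return "TEMPFAIL", "key unavailable: %s" % exc
    if not records:
        return "PERMFAIL", "no key for signature"
    # Several TXT strings may come back; use the first that parses as a key record.
    key = None
    for record in records:
        try:
            candidate = parse_tags(record)
        except ValueError:
            continue
        if candidate.get("v", "DKIM1") == "DKIM1" and "p" in candidate:
            key = candidate
            break
    if key is None:
        return "PERMFAIL", "key syntax error"
    if key["p"] == "":
        return "PERMFAIL", "key revoked"
    wanted = sig.get("a", "").split("-")[0]          # rsa-sha256 -> rsa
    if key.get("k", "rsa") != wanted:
        return "PERMFAIL", "inappropriate key algorithm"
    if "y" in key.get("t", "").split(":"):
        return "OK", "key found, testing mode (t=y): treat as if unsigned"
    return "OK", "key found; proceed to signature verification"


if __name__ == "__main__":
    for selector in ("mail2024", "missing", "testing", "revoked", "broken"):
        print(selector, classify_key_lookup(sample_signature(selector)))
    print("outage", classify_key_lookup(sample_signature(), resolve=timeout_resolver))
```

To run it against a real zone, replace `zone_resolver` with a function that returns the TXT strings your resolver hands back for the query name (and raises `DnsTempError` on a lookup failure); the classification logic is unchanged.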