DKIM was not designed to authenticate emails far into the future.
In fact, it does not authenticate any emails without a corresponding public key currently published to DNS. It provides specifically for "empty" or revoked keys to avoid such retro-validation.
Seems the central thesis is that because these messages are patently no longer authenticated by DKIM, we should eliminate any remaining hope of them being construed as authenticated by DKIM.
In fact, it does not authenticate any emails without a corresponding public key currently published to DNS. It provides specifically for "empty" or revoked keys to avoid such retro-validation.
Seems the central thesis is that because these messages are patently no longer authenticated by DKIM, we should eliminate any remaining hope of them being construed as authenticated by DKIM.