In the outgoing emails we use in our domains SPF + DKIM without any problem.
But with the inbound emails some time ago we're receiving emails from some of our customers/suppliers signed with DKIM, but they don't have set any public signature on it's DNS Servers.
In that case our server answers a 5.5.0 error saying:
550-DKIM: encountered the following problem validating domain.com:
550 pubkey_unavailable
We found lots of customers/suppliers which are using Google hosted mail (Google Apps). Google servers sign the mails using DKIM but they don't set the DKIM signature on it's DNS servers.
IMHO it's a bad configuration on it's part because if you're signing the email I should check the signature. And if I don't find the domain signature I cannot check if the mail it's legal or not, so I return it to you.
This should be the correct behavior, or I should acccept these emails?