+This variable can be overwritten using an ACL 'set' modifier.
+This might, for instance, be done to enforce a policy restriction on
+hash-method or key-size:
+.code
+ warn condition = ${if eq {$dkim_algo}{rsa-sha1}}
+ condition = ${if eq {$dkim_verify_status}{pass}}
+ logwrite = NOTE: forcing dkim verify fail (was pass)
+ set dkim_verify_status = fail
+ set dkim_verify_reason = hash too weak
+.endd
+
+After all the DKIM ACL runs have completed, the value becomes a
+colon-separated list of the values after each run.
+