RFC 4871, section 3.6.1 says, that if the tag-list in the DNS record contains a flag value of 'y' (i.e. t="y[:s]"), the "Verifiers MUST NOT treat messages from signers in testing mode differently from unsigned email, even should the signature fail to verify.". However, dkim-filter rejects mail. E.g.
----- The following addresses had permanent fatal errors -----
<foobar@....de>
(reason: 550 5.7.0 bad DKIM signature data)