According to draft-ietf-dkim-ssp-01.txt section 4.4, if there's a DNS return other than NOERROR to TXT lookup of _ssp._domainkey.domain,
one "MUST" do an MX lookup on 'domain' to see if it 'exists'. The dkim-milter code actually does a 2nd TXT lookup, instead. There _is_ a comment that says any resource record could be used, but that they picked MX. That with the fact that the word "MUST" is used above, I think dkim-milter should probably really do an MX lookup, even though the current code will function properly.