Applying a signature and ensuring the 2822.From header can not be
modified is not equal to having validated that the account sending
the message represents the recipient of that 2822.From address or
that this account's use of the 2822.From address is valid. Being
included in the signature's hash is not the same as having
validated the associated content.
Forgive me for misunderstanding. You're asking then, for something
that is out of scope of what DKIM claims to do and that DKIM *cannot*
do. If you have an ISP that forges email in your name, domain-level
signing is orthogonal to that problem.
So let's just stop wrapping ourselves around that axle.
Jon
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html