The i= field doesn't do that. DKIM doesn't identify individuals, only
The spec says that it *does* identify a user.
It says that i= is the "user or agent on behalf of which this message is
signed". It gives the example of an agent that's a mailing list, and
we've seen all sorts of other things that people put into i=.
It's certainly true the i= might identify a user, but it's equally true
that it might identify a piece of software, or a 'bot that cracked
someone's CAPTCHA, and without extra info external to DKIM there's no way
a receiver or verifier can tell which of those it was really intended to
So, really, DKIM doesn't identify individuals.
NOTE WELL: This list operates according to