Sounds like you agree with me. :)
Its incomplete security analysis and if you going to touch base with
it regarding one attack method you need to take about the others, like
I shown here:
This shows its not only a matter of bad messages, but also bypassing
existing RFC 5322 checking.
Is this not important?
It clearly shows that DKIM needs to check its own DKIM requirements
and not rely on other layer.
Verification is not even mentioned in this new section.
Hector Santos, CTO
NOTE WELL: This list operates according to