Subject: Buy fake watches at fakewatch.example.com!
Will some clients display the second subject line? I suspect some
will. Do we need to recommend that signers also add a protective second
subject: to their h= value? Or do we need to require that verifiers
make sure that any header fields that are signed and aren't supposed to
be duplicated, aren't? I'm not sure, but right now I'm leaning toward
I went through pretty much the same thought process and came to the
It seems to me that there are some fairly cheap extra checks tht a
verifier can make that will defend against malformed mail that would
be likely to display confusingly in an MUA. Yes, it's technically not
DKIM's job to verifiy 5322 conformance of incoming mail, but as Barry
noted, it's not anyone else's job, either.
NOTE WELL: This list operates according to