Signers SHOULD NOT remove any DKIM-Signature header fields from
messages they are signing, even if they know that the signatures
cannot be verified. Instead, when a relay alters a message such
that any valid signature gets broken, it SHOULD re-identify the
message by synthesizing a new Message-ID for it, according to
Section 3.6.4 of RFC 5322.
Would that help deterring on-the-fly auto-conversions?
No, and it would be a bad idea, anyway. I often get two copies of a
message, one sent directly to me, one relayed through a mailing list
that changed it enough to break the signature. By any normal
standard, they're the same message, and it's useful to be able to tell
that from the common Message-ID.
Breaking long-established mail semantics to punish people who don't
run mail the way you like is not a good idea. And in any event, if
people were sufficiently aware of DKIM to do what you suggest, they're
aware enough to add a new signature which is the right thing to do.
NOTE WELL: This list operates according to