On 6/23/11 2:52 PM, John R. Levine wrote:
>> Acceptance policies and results for DKIM MUST align with
>> what is being displayed in the message.
> I'm pretty sure that we have uniformly agreed not to attempt to do MUA
> design, so, no, it doesn't. We have no idea what is displayed in the
> message. We have no idea if the message will ever be displayed at all.
John is right. Most headers are displayed selecting top-down and DKIM
always selects bottom-up. Headers likely displayed and selected to be
signed need to be checked by some protocol layer that ensures they are not
illegally pre-pended. Unfortunately, both SMTP and DKIM will not make
these basic checks. There seems to be a prevailing assumption that undefined
spam filters will instead intercede. Who should victims blame when
these checks are not made? How can a secure system be specified?