Surely you're not advocating a MUST NOT strip, or even a SHOULD NOT
strip. The third parties can sign after all and then you'd just trust them
directly.
Why, yes indeed, I'm advocating SHOULD NOT strip. Surely you haven't
forgotten that this is supposed to work with SPF and Sender-ID, where
forwarders can't sign without munging the message. Even if the forwarders
do sign, that doesn't tell us anything about the status of the message
when it arrived at the forwarder which is useful for spam forensics.
Trying to expect unauthenticated cross administrative good bits to
remain good is pretty crazy if you ask me.
There are cases where they do and cases where they don't, and it's not
hard to recognize the ones where they do. Personally, I think it's crazy
to break a useful application because a sufficiently inept user might
misuse it. If we're going down that path, I have a whole lot more
deletions to make.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html