Right. It becomes a receiver policy, and while I agree (e.g. with John)
that this may be hard (John may say impossible or at least unlikely) to
deploy, why should DKIM `exclude` this?
The simplest reason is that DKIM is signing the 822 message, but the
receipient address is in the 821 envelope, so a signing agent often
won't know what the recipient address will be, and a verifying agent
won't know what the delivery address was.
Keep in mind that nothing we say precludes future experiments, and if
someone confounds my expectations and comes up a way to add path info
into the signature that actually works, we can add it to DKIM 1.1 or
2.0.
R's,
John
I
_______________________________________________
ietf-dkim mailing list
http://dkim.org