Douglas Otis wrote:
> Verification results based upon an added header might be spoofed when
> an MTA is not configured to remove them. In addition, these headers
> will not be reliably present until universally adopted, perhaps many
> years from now. While the header might be removed normally, there
> could also be backup paths where the header is once again not removed.

The transport of the verification results to the MUA or other receiver agent
that actually makes decisions on acceptance/validity of a message (discard,
file, whatever) is outside of the scope of DKIM.
However, any such method will require a way to distinguish between signatures
that is better than "I'm talking about the third one", so that's what I'm hoping
to introduce here.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html