Verifiers MUST NOT use the header field names or copied values
for checking the signature in any way. Copied header field
values are for diagnostic use only.
Did we really put this in base? Yes we did.
It's not enforceable as it is at the option of the receiver and so cannot
be a MUST NOT, it could be a SHOULD NOT.
Seems to me this is a semantic niggle. People can implement whatever
variant form of whatever spec they want to, but if they want to
interoperate and implement the signature validation that DKIM specifies,
they have to use the current values of the headers.
I suppose that note could be reworded, e.g.
Informative note: Signature verification uses the
headers contained in the message. Copied header field
values are intended for diagnostic use only.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
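The diagnostic use discussed in this message, as an added example (not code from the thread or from any DKIM implementation): after a signature has already failed verification against the message's own headers, the copied values in the `z=` tag are compared with the current headers to report which field changed in transit. The sample message, the function names and the placeholder `bh=`/`b=` values are constructed for illustration; no signature is computed or checked here.

```python
import re
from email import message_from_string

# Constructed sample: a list server has rewritten Subject after signing.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel; h=From:Subject;\n"
    " z=From:alice@example.com|Subject:Quarterly=20report;\n"
    " bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: alice@example.com\n"
    "Subject: [list] Quarterly report\n"
    "\n"
    "body\n"
)

def parse_tags(sig_value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = value.strip()
    return tags

def dkim_qp_decode(text):
    """Decode dkim-quoted-printable: whitespace is ignored, =XX is one octet."""
    text = re.sub(r"\s+", "", text)
    # Octets are mapped one-to-one to characters, which is enough for a report.
    return re.sub(r"=([0-9A-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def copied_headers(tags):
    """Return [(name, value)] for the header copies stored in z= at signing time."""
    copies = []
    for item in filter(None, tags.get("z", "").split("|")):
        name, _, value = item.partition(":")
        copies.append((name.strip(), dkim_qp_decode(value)))
    return copies

def diagnose(raw_message):
    """List (name, copied, current) for headers that no longer match their copy.

    Reporting only: the pass/fail decision comes from verifying the signature
    over the headers in the message and never from these copied values.
    """
    msg = message_from_string(raw_message)
    tags = parse_tags(msg["DKIM-Signature"])
    diffs = []
    for name, copied in copied_headers(tags):
        current = msg.get(name)  # first occurrence only, for brevity
        if current is None or current.split() != copied.split():
            diffs.append((name, copied, current))
    return diffs
```

For the constructed sample, `diagnose(SAMPLE)` reports only the Subject field, pointing at the list's subject tag as the likely cause of the failed verification.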