And yet, treating any random third party signature as if it's just as
valid as a first party signature is, as I expect you'd agree, the kind
of security issue that would cause someone to stand up on a chair and
shout "DKIM will never be useful for anything, and you people all suck
toads!"
I suppose, although it mostly makes me wonder if there's any way to
explain DKIM to the bufophagists.
A third party signature from a stranger is useless, I don't ever
recall anyone claiming otherwise, and I've never understood why this
red herring comes up over and over and over and over and over again.
But a first party signature from a stranger is equally useless, unless
one finds assertions along the lines of "I, Mr. X, really sent this
spam!" to be helpful.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html