Murray S. Kucherawy wrote:
> I'm worried about that third sentence. If people are encouraged not
> to sign Subject:, for example, which is a popular display header field,
> one could spamify that field and re-send the message.
> If you subscribe to the idea that a DKIM signature reflects a
> domain taking some responsibility for a message, I'd have a hard
> time not signing Subject: (or From:) for any reason.

+1, but nonetheless, it isn't a required header to be hash bound to
the signature so there isn't much we can do about that but preach it
and in software, make it a default header among the list of headers to
be signed.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
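
The point discussed in the message above, as an added example that is not part of the original post or of any DKIM implementation: it reads the h= tag of a DKIM-Signature header value to report display header fields the signature does not cover, and shows a signer-side default that adds them. The function names, the DISPLAY_FIELDS set and the sample header are constructed for illustration.

```python
import re

# Display header fields to check for. The set is an assumption for this
# example; the thread names Subject: and From:.
DISPLAY_FIELDS = ("from", "subject")

# Constructed DKIM-Signature value (folded); bh= and b= are placeholders.
SAMPLE = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel1;\r\n"
    "\th=From:To:Date:\r\n"
    "\t Message-ID; bh=PLACEHOLDER=; b=PLACEHOLDER="
)


def parse_tag_list(value):
    """Parse a DKIM-Signature header value into a {tag: value} dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        # Split on the first "=" only: base64 values may end in "=".
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = val.strip()
    return tags


def signed_fields(value):
    """Return the lower-cased header field names listed in the h= tag."""
    h = parse_tag_list(value).get("h", "")
    return [name.strip().lower() for name in h.split(":") if name.strip()]


def unsigned_display_fields(value, display=DISPLAY_FIELDS):
    """Display fields that are not bound to the signature hash."""
    covered = set(signed_fields(value))
    return [f for f in display if f not in covered]


def default_signed_fields(requested, display=DISPLAY_FIELDS):
    """Signer-side default: append display fields the operator left out."""
    names = [n.lower() for n in requested]
    return names + [f for f in display if f not in names]


if __name__ == "__main__":
    print("signed:", signed_fields(SAMPLE))
    print("unsigned display fields:", unsigned_display_fields(SAMPLE))
    print("signer default:", default_signed_fields(["To", "Date"]))
```
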