I don't so much view DKIM as protecting content; rather, my current view of its
semantics aligns with the whole "taking some responsibility for" approach. In
essence, when an agent conducts verification, it is presenting the hashed
content to the signer and asking, "Did you take some responsibility for this?"
A successful verification is an implicit "yes". And thus, a signer should only
sign those parts of the header and body for which it wants to accept
responsibility. Most of the time that should be most or all of the message,
but there might be a point at which an intermediary or relay doesn't want to do
that, but rather just wants to sign the parts it added or changed (as much as
it's possible to do so).

In the MLM's case, the entire body plus any fields it added or changed seems
like the appropriate content over which to make some assertion of
responsibility.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
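
The scope a signer takes responsibility for can be read off the signature's `h=` and `l=` tags (RFC 6376). The sketch below is an added example, not part of the original message: it reports which header fields and body octets a signature covers and which it leaves outside. The sample message, the `lists.example.org` domain, the function names, and the restriction to ASCII input with "simple" body canonicalization are assumptions made for illustration.

```python
import re

# Constructed sample: an MLM signs the fields it added or changed plus the body.
# bh= and b= are placeholders; no cryptographic verification is performed here.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.example.org;\r\n"
    "\ts=mlm; h=subject:sender:list-id; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: alice@example.com\r\n"
    "To: list@lists.example.org\r\n"
    "Subject: [list] Hello\r\n"
    "Sender: list-bounces@lists.example.org\r\n"
    "List-Id: <list.lists.example.org>\r\n"
    "\r\n"
    "Hello list.\r\n-- \r\nlist footer\r\n"
)

def parse_tags(value):
    """Parse a DKIM tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def responsibility_scope(raw):
    """Return what the first DKIM-Signature covers and what it leaves out."""
    head, _, body = raw.partition("\r\n\r\n")
    head = re.sub(r"\r\n(?=[ \t])", "", head)  # unfold continuation lines
    fields = [tuple(s.strip() for s in ln.split(":", 1)) for ln in head.split("\r\n")]
    tags = parse_tags(next(v for n, v in fields if n.lower() == "dkim-signature"))
    remaining = [f for f in fields if f[0].lower() != "dkim-signature"]
    signed = []
    for name in tags["h"].lower().split(":"):
        # Each h= entry selects the bottom-most instance not yet selected.
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name:
                signed.append(remaining.pop(i)[0])
                break
    body = body.rstrip("\r\n") + "\r\n"  # "simple" body canonicalization
    limit = int(tags["l"]) if "l" in tags else len(body)
    return {"domain": tags["d"], "signed_fields": signed,
            "unsigned_fields": [n for n, _ in remaining],
            "body_signed": body[:limit], "body_unsigned": body[limit:]}

if __name__ == "__main__":
    for key, val in responsibility_scope(SAMPLE).items():
        print(f"{key}: {val!r}")
```

Anything listed under `unsigned_fields` or `body_unsigned` can change in transit without invalidating the signature, so a verifier should not attribute it to the signing domain.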