On Thursday, July 07, 2011 01:59:17 AM Michael Deutschmann wrote:
...
In real life, however, if you don't have the power to demand that a
recipient mail admin block incoming double-From: messages, then you don't
have the power to demand that they deploy DKIM at all.
...
I think you are confusing protocol with implementation. There's nothing that
prevents receivers from ensuring messages that have been modified after signing
with an additional From fail verification.
I'm working with someone on an implementation and I think we're going to
assume one more From than listed in h= when verifying to ensure nothing has
been added.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
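
The receiver-side check described in the reply above, as an added example that is not code from the post or from any DKIM implementation: header selection follows the bottom-up rule of RFC 6376 section 5.4.2, and the verifier acts as if h= listed one more From than the signer wrote. The function names, sample messages and h= value are constructed for illustration, and the cryptographic hash step is left out.

```python
from email import message_from_string

def select_signed_headers(headers, h_names):
    """RFC 6376 5.4.2 selection: each name in h= consumes the lowest
    not-yet-used instance of that header. None means no instance is
    left, which DKIM hashes as an empty string."""
    remaining = {}
    for idx, (name, _) in enumerate(headers):
        remaining.setdefault(name.lower(), []).append(idx)
    selected = []
    for name in h_names:
        stack = remaining.get(name.lower(), [])
        selected.append(headers[stack.pop()] if stack else None)
    return selected

def has_unsigned_from(raw_message, h_tag):
    """Verify as if h= carried one extra 'from' entry. If that extra
    entry matches a real header, the message holds a From field that
    the signature does not cover, so the receiver should fail it."""
    headers = message_from_string(raw_message).items()
    h_names = [n.strip() for n in h_tag.split(":") if n.strip()]
    extra = select_signed_headers(headers, h_names + ["from"])[-1]
    return extra is not None

# Constructed sample data: the h= value a signer might have used and
# the message as it was signed.
H_TAG = "from:to:subject"
AS_SIGNED = (
    "From: alice@example.org\n"
    "To: bob@example.net\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)
# Same message with a second From field added on top after signing.
# Plain verification still hashes only the bottom From, so the
# signature alone would not notice the addition.
MODIFIED = "From: someone@example.com\n" + AS_SIGNED

if __name__ == "__main__":
    print("as signed:", has_unsigned_from(AS_SIGNED, H_TAG))
    print("modified: ", has_unsigned_from(MODIFIED, H_TAG))
```

When the signer already listed From one extra time in h=, an added From is picked up by the signer's own entry and breaks the hash, so this check returns False and the normal signature comparison does the rejecting.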