Going back to the original question,
Sam Hartman wrote:
> I'd like to go farther: why are we signing the body? We're trying to
> prevent spam, not modification of existing mail messages. I think that
> canonicalizing headers may be challenging enough; do we really need to
> solve the problem of canonicalizing bodies on top of this?
>
> It might be sufficient to sign the recipient, date and message-id (or
> some other nonce) and to keep a cache of recently seen signatures.

We approached this from the other side: given that the ultimate goal is
to prevent exploitation by spammers, what are the things we need to sign
in order to avoid cut-and-paste attacks? We concluded it was the body
and, in most cases, a very small set of headers, typically From (and
perhaps Sender), Subject, and Date (and most of the signature header
itself). Actually the particular set of headers to be signed isn't
specified (much) in IIM, but we thought it should be the minimum
necessary to get the job done. After all, nobody's going to try to
insert their advertising message in the User-Agent header.
-Jim
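
An added example, not part of the original message and not IIM code, comparing the two signed sets discussed above: recipient, date and message-id only, versus the body plus From, Subject and Date. HMAC stands in for the public-key signature; the key, canonicalization, messages and function names are constructed for illustration, and the signature cache from the quoted proposal is not modelled.

```python
import hashlib
import hmac
from email import message_from_string

KEY = b"constructed-demo-key"  # assumption: stand-in for the signer's private key
HEADER_ONLY = ("To", "Date", "Message-ID")   # recipient, date, message-id
CONTENT_BOUND = ("From", "Subject", "Date")  # signed together with the body

def canon_header(msg, name):
    # Assumed canonicalization: lowercase the name, collapse whitespace in the value.
    return f"{name.lower()}:{' '.join((msg.get(name) or '').split())}\n"

def sign(raw, headers, include_body):
    msg = message_from_string(raw)
    data = "".join(canon_header(msg, h) for h in headers)
    if include_body:
        # Normalize line endings and trailing blank lines before hashing the body.
        body = msg.get_payload().replace("\r\n", "\n").rstrip("\n") + "\n"
        data += "bh:" + hashlib.sha256(body.encode()).hexdigest() + "\n"
    return hmac.new(KEY, data.encode(), hashlib.sha256).hexdigest()

def verify(raw, headers, include_body, sig):
    return hmac.compare_digest(sign(raw, headers, include_body), sig)

# Constructed sample message.
ORIGINAL = (
    "From: alice@example.com\n"
    "To: bob@example.net\n"
    "Subject: Lunch on Friday\n"
    "Date: Mon, 02 Aug 2004 10:00:00 -0700\n"
    "Message-ID: <constructed-1@example.com>\n"
    "User-Agent: DemoMail/1.0\n"
    "\n"
    "Are we still on for Friday?\n"
)
# Cut-and-paste: signed headers kept, Subject and body swapped for other content.
PASTED = ORIGINAL.replace("Lunch on Friday", "Cheap watches").replace(
    "Are we still on for Friday?", "Buy now at the usual place.")
# Benign change to a header neither scheme signs.
RELAYED = ORIGINAL.replace("DemoMail/1.0", "OtherMail/2.0")

if __name__ == "__main__":
    for label, hdrs, body in (("header-only", HEADER_ONLY, False),
                              ("body+headers", CONTENT_BOUND, True)):
        sig = sign(ORIGINAL, hdrs, body)
        print(label, "pasted verifies:", verify(PASTED, hdrs, body, sig),
              "| relayed verifies:", verify(RELAYED, hdrs, body, sig))
```
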