On July 18, 2005 at 08:07, Tony Hansen wrote:
If you're going to worry about "From ", you also need to worry about
">From ", ">>From ", etc. Some of the systems that do > escaping also
escape those forms.
But, and this is a BIG BUT, the systems that perform >From escaping do
it only when the mail is written to the final mailbox, and not to mail
being passed on to other systems.
This is actually a case that you DON'T need to really worry about.
I'm not sure. It gets back to my questions about when signing
and verification is done. From a verification perspective, it
seems useful that MUAs can also verify a message, and it appears
that there is nothing in DKIM (currently) that prohibits this.
MUA-based verification can be handy where the path of the message
from the ISP to the end user may not be completely direct, and the
verification results header field cannot be fully trusted.
--ewh