The point I'm trying to make is that net-nanny like pronouncements of
MUST/SHOULD NOT are pointless if an admin thinks some part of their
population is going to be fooled by it: they'll just ignore it and strip
away.
Admins do stupid things every day. We all agree about that.
I fear you're suffering from a rather severe failure of imagination.
Anybody who picks up mail from more than one mailbox, which is a whole lot
of people these days, is going to have to check that an AR header arrived
via an appropriate path before believing it. Otherwise there's an obvious
attack if one path manages AR headers and the other one doesn't. Ditto
people who forward an address on system A to system B, if A does AR and B
doesn't. Once you're checking the path, it's a trivial amount of extra
work to check another hop or two and look at AR's added farther away.
If you want to strip off potentially useful AR headers, nobody can keep
you from doing that, but don't pretend you're doing your users a favor
when you do.
R's,
John
PS: I get a lot of mail where the From: header is forged. Perhaps just to
be safe I should strip all of them, too.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html