>Right. It becomes a receiver policy, and while I agree (e.g. with John) >that this may be hard (John may say impossible or at least unlikely) to >deploy, why should DKIM `exclude` this?
The simplest reason is that DKIM is signing the 822 message, but the receipient address is in the 821 envelope, so a signing agent often won't know what the recipient address will be, and a verifying agent won't know what the delivery address was. Keep in mind that nothing we say precludes future experiments, and if someone confounds my expectations and comes up a way to add path info into the signature that actually works, we can add it to DKIM 1.1 or 2.0. R's, John I _______________________________________________ ietf-dkim mailing list http://dkim.org
