[EMAIL PROTECTED] wrote: > Is signing the body at all an essential requirement? Yes, some potential > risk for a replay attack but otherwise "whoami I sent this" should be > sufficient for some providers, > > As long as people support the l= tag, they could use l=0 to not sign the body. This capability has been cited as a reason to get rid of l= because it facilitates such "dangerous" behavior. IMO, if they want to sign such messages, and recipients want to accept them, let them do that.
-Jim _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
