On Jun 3, 2009, at 9:13 AM, Murray S. Kucherawy wrote:

>> WTF is the point of inserting an A-R header if you are not willing
>> to take responsibility for what you have done by signing it?
>>
>> And why should anyone else believe your A-R if you have omitted
>> that elementary step?
>
> Because, if you've followed the RFC defining it, the border MTA has
> removed any others present that could possibly be misinterpreted by
> internal agents.
>
> You're not required to sign them, but it's not a bad idea.

ISPs seem unlikely to sign incoming messages because they include their A-R headers. A-R headers are expected to be removed at border MTAs, so when forwarding, signatures intended to protect A-R headers will normally become invalid. One would not be able to tell whether these signatures were being spoofed by the ISP's outbound server, or whether the signature represents a failed attempt to protect A-R headers. Should DKIM signatures not include missing A-R headers?

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
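
The interaction discussed in this thread, as an added example that is not part of the original messages: a border filter removes Authentication-Results fields carrying a locally trusted authserv-id and reports which DKIM signatures list that field in `h=` and so may no longer verify. The sample message, the host names and the function names are constructed for illustration, and removing only fields that match the local authserv-id is an assumed policy.

```python
import email

# Constructed sample message; every name and value is illustrative.
SAMPLE = (
    "Authentication-Results: mx.isp.example; dkim=pass header.d=sender.example\n"
    "Authentication-Results: mx.other.example; spf=pass smtp.mailfrom=sender.example\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=isp.example; s=sel;\n"
    " h=from:to:subject:authentication-results; bh=AAAA; b=BBBB\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=sender.example; s=sel;\n"
    " h=from:to:subject; bh=AAAA; b=BBBB\n"
    "From: a@sender.example\n"
    "To: b@rcpt.example\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

def authserv_id(ar_value):
    """Return the authserv-id: the first token before the first ';'."""
    head = ar_value.split(";", 1)[0].split()
    return head[0].lower() if head else ""

def signed_fields(dkim_value):
    """Return (d= domain, list of lower-cased field names from h=)."""
    tags = {}
    for part in dkim_value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())  # drop folding whitespace
    return tags.get("d", ""), [f.lower() for f in tags.get("h", "").split(":") if f]

def border_filter(raw, local_ids):
    """Remove A-R fields claiming a local authserv-id (assumed policy).

    Returns (message, removed A-R values, d= of signatures that signed A-R).
    """
    msg = email.message_from_string(raw)
    kept, removed = [], []
    for value in msg.get_all("Authentication-Results", []):
        (removed if authserv_id(value) in local_ids else kept).append(value)
    del msg["Authentication-Results"]        # deletes every instance
    for value in kept:                       # re-add survivors in original order
        msg["Authentication-Results"] = value
    at_risk = []
    if removed:
        # Conservative: flag any signature listing the field once one is removed.
        for sig in msg.get_all("DKIM-Signature", []):
            domain, fields = signed_fields(sig)
            if "authentication-results" in fields:
                at_risk.append(domain)
    return msg, removed, at_risk
```
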
