Murray S. Kucherawy wrote:
> I'm worried about that third sentence. If people are encouraged not
> to sign Subject:, for example, which is a popular display header field,
> one could spamify that field and re-send the message.
>
> If you subscribe to the idea that a DKIM signature reflects a
> domain taking some responsibility for a message, I'd have a hard
> time not signing Subject: (or From:) for any reason.

+1, but nonetheless, it isn't a required header to be hash bound to the signature so there isn't much we can do about that but preach it and in software, make it a default header among the list of headers to be signed.

--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
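
The point discussed above can be checked on the verifier or audit side. This is an added example, not part of the original thread: it parses the h= tag of a DKIM-Signature header field and reports which of the display fields named in the thread (From, Subject) the signature does not cover. The sample signatures, the domain example.com and the selector sel1 are constructed for illustration.

```python
import re

# Display header fields the thread argues a signer should cover.
DISPLAY_FIELDS = ("from", "subject")

# Constructed sample DKIM-Signature values (bh=/b= are dummy base64).
SAMPLE_WEAK = ("v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n"
               " h=From:To:Date;\r\n"
               " bh=Y29uc3RydWN0ZWQ=; b=ZHVtbXk=")
SAMPLE_OK = ("v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n"
             " h=from : to :\r\n"
             " subject : date;\r\n"
             " bh=Y29uc3RydWN0ZWQ=; b=ZHVtbXk=")


def parse_tag_list(value):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue  # empty element after a trailing ';'
        # Split on the first '=' only: base64 values may end in '=' padding.
        name, _, val = part.partition("=")
        tags[name.strip()] = val.strip()
    return tags


def signed_fields(dkim_signature_value):
    """Return the lower-cased header field names listed in h=."""
    # Unfold the header: a line break followed by whitespace is folding.
    unfolded = re.sub(r"\r?\n[ \t]+", " ", dkim_signature_value)
    h = parse_tag_list(unfolded).get("h", "")
    # Names are colon-separated, case-insensitive, with optional whitespace.
    return [n.strip().lower() for n in h.split(":") if n.strip()]


def unsigned_display_fields(dkim_signature_value):
    """Return the display fields that are absent from h=."""
    signed = set(signed_fields(dkim_signature_value))
    return [f for f in DISPLAY_FIELDS if f not in signed]


if __name__ == "__main__":
    for label, sig in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        print(label, "unsigned display fields:", unsigned_display_fields(sig))
```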
