Sounds like you agree with me. :) It's an incomplete security analysis, and if you're going to touch base with it regarding one attack method, you need to talk about the others, like I have shown here:

http://mipassoc.org/pipermail/ietf-dkim/2010q4/014802.html

This shows it's not only a matter of bad messages, but also of bypassing existing RFC 5322 checking. Is this not important? It clearly shows that DKIM needs to check its own DKIM requirements and not rely on another layer. Verification is not even mentioned in this new section. Why not?

--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com