I mostly agree. (Wow!)

>1) During the handling of a message in conjunction with a DKIM result that
>indicates a valid signature, consider as valid only those fields and the body
>portion that was covered by the signature. Note that this is not to say
>unsigned content is not valid, but merely that the signature is making no
>statement about it.
>
>2) Refuse outright to sign or verify any message that is not syntactically
>valid.

Rather than be so absolutist, I'd say "any message with syntax errors that are
likely to cause MUAs or other applications to interpret it inconsistently."

The thought is that two Subject lines is worth rejecting, an extra at sign in
the Message-ID is not.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
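
The two points discussed in this message, sketched as an added example that is not part of the original thread: it flags header fields that RFC 5322 limits to one occurrence but that appear more than once (the "two Subject lines" case), and reports which field instances the `h=` tag of the signature does not cover. The names `audit`, `signed_header_counts` and `SAMPLE` are hypothetical; only the first DKIM-Signature is examined, no cryptographic verification is done, and Message-ID syntax is deliberately not checked.

```python
import email
from collections import Counter

# RFC 5322 section 3.6: these fields may appear at most once in a message.
SINGLETONS = {"date", "from", "sender", "reply-to", "to", "cc", "bcc",
              "message-id", "in-reply-to", "references", "subject"}

def signed_header_counts(msg):
    """Count how often each field name is listed in h= of the first DKIM-Signature."""
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return Counter()
    tags = {}
    for part in sig.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = "".join(value.split())  # drop folding whitespace
    return Counter(n.lower() for n in tags.get("h", "").split(":") if n)

def audit(raw):
    """Return duplicated singleton fields and instances not listed in h=."""
    msg = email.message_from_bytes(raw)
    present = Counter(k.lower() for k in msg.keys() if k.lower() != "dkim-signature")
    signed = signed_header_counts(msg)
    # Each h= entry covers one instance of a field, so extra instances are unsigned.
    uncovered = {n: present[n] - signed[n] for n in present if present[n] > signed[n]}
    duplicates = sorted(n for n in SINGLETONS if present[n] > 1)
    return {"reject": bool(duplicates), "duplicates": duplicates, "uncovered": uncovered}

# Constructed sample message (placeholder bh= and b= values, not a real signature).
SAMPLE = (b"DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\r\n"
          b" h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
          b"From: alice@example.com\r\n"
          b"To: bob@example.net\r\n"
          b"Subject: one\r\n"
          b"Subject: two\r\n"
          b"Date: Mon, 1 Jan 2024 00:00:00 +0000\r\n"
          b"Message-ID: <a@b@example.com>\r\n"
          b"\r\n"
          b"body\r\n")

if __name__ == "__main__":
    print(audit(SAMPLE))
```
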
