On 6/23/11 2:52 PM, John R. Levine wrote:
>> Acceptance policies and results for DKIM MUST align with
>> what is being displayed in the message.
> I'm pretty sure that we have uniformly agreed not to attempt to do MUA
> design, so, no, it doesn't. We have no idea what is displayed in the
> message. We have no idea if the message will ever be displayed at all.

Ian,

John is right. Most headers are displayed selecting top-down and DKIM always selects bottom-up. Headers likely displayed and selected to be signed need to be checked by some protocol layer that ensures they are not illegally pre-pended. Unfortunately, both SMTP and DKIM will not make these basic checks. There seems to be a prevailing assumption that undefined spam filters will instead intercede. Who should victims blame when these checks are not made? How can a secure system be specified?

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
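
Added example, not part of the original message or of any DKIM implementation: a receiver-side check of the kind the message asks for, flagging header fields that RFC 5322 section 3.6 allows only once but that occur several times, and showing the top-most instance beside the bottom-most one that a bottom-up `h=` selection covers. The sample message, addresses and function names are constructed for illustration, and no signature is verified.

```python
from collections import defaultdict
from email import message_from_string

# Fields RFC 5322 section 3.6 allows at most once per message.
SINGLETONS = {"date", "from", "sender", "reply-to", "to", "cc", "bcc",
              "message-id", "in-reply-to", "references", "subject"}

# Constructed sample: a second From and Subject sit above the signature,
# where a field added after signing would appear. Tag values are placeholders.
SAMPLE = (
    "From: Someone Else <other@example.net>\r\n"
    "Subject: Different subject\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel; "
    "h=from:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: Original Author <author@example.com>\r\n"
    "Subject: Original subject\r\n"
    "Date: Thu, 23 Jun 2011 14:52:00 -0700\r\n"
    "\r\n"
    "Body text.\r\n"
)

def signed_field_names(msg):
    """Return the lower-cased field names listed in the h= tag."""
    sig = msg.get("DKIM-Signature", "")
    tags = dict(t.strip().split("=", 1) for t in sig.split(";") if "=" in t)
    return {n.strip().lower() for n in tags.get("h", "").split(":") if n.strip()}

def audit_singletons(raw):
    """List singleton fields that occur more than once in the message."""
    msg = message_from_string(raw)
    signed = signed_field_names(msg)
    seen = defaultdict(list)
    for name, value in msg.items():      # wire order, top-most field first
        seen[name.lower()].append(value)
    findings = []
    for name in sorted(seen):
        values = seen[name]
        if name in SINGLETONS and len(values) > 1:
            findings.append({
                "field": name,
                "count": len(values),
                "listed_in_h": name in signed,
                "first_from_top": values[0],     # top-down selection
                "last_from_bottom": values[-1],  # bottom-up selection
            })
    return findings

if __name__ == "__main__":
    for finding in audit_singletons(SAMPLE):
        print(finding)
```

A receiver applying this check would treat any finding as a malformed message before consulting the signature result at all.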
