Magnus Holmgren wrote:
One remark I haven't seen yet is that the "DomainKey-Signature:" field can
include an "h" tag, which specifies which header fields are included in the
signature. If that tag is included (and I think it usually is(?)) and there
aren't already any X-Spam-* fields that have been signed, then it should be
safe to add SA's header lines below, just like before. If the "h" tag isn't
present, adding it shouldn't change the verfication status, but I don't think
it's allowed.
You can't alter the signature. The signature tags are all used in
calculation of the key.
Always prepending SA's header lines clearly is the easiest thing to do.
(Yes, I think it looks ugly, too.)
Me too, but it's probably just because I'm used to it. Always adding new
headers to the top has the additional benefit that it's easier to see which
relay added what.
Personally, I now prefer the headers being prepended over them being
appended. There was about a week or two where I wasn't sure about it
though.
Daryl
