>In this case, we've gone to some lengths to make the environment
>pure, by using the underscore branch. And then along come these
>pesky wildcards.

Even without wildcards, there's been a variety of broken key records. I would hope it would be obvious that you have to assume that any data you haven't previously verified is potentially hostile, either deliberately or by mistake. This refers to DNS keys, DKIM signatures, and the message you're trying to sign or verify.

By the way, has everyone tested their signing code to see what happens if there's no From: header at all? Do we even agree what the right thing is? I'd think it'd be approximately the same as if the private signing key (the only other mandatory input I can think of at the moment) wasn't present.

R's from PHL gate F18,
John

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html