Append to Section 6 Verifier Actions:

It is not reasonable to assume a message is in compliance with RFC 5322. To mitigate trivial exploitation of trust established by DKIM signatures, messages having multiple header fields for "orig-date", "from", "sender", "reply-to", "to", "cc", "message-id", "in-reply-to", "references", or "subject" MUST always return PERMFAIL for any DKIM signature associated with the message.

When there are multiple singleton header fields, a field selected for display or sorting is therefore undefined. Likely top-down selections by consumers of DKIM status where the signature verification selects bottom-up leave singleton headers highly prone to trivial exploitation.
-Doug
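The check proposed in the message above, sketched as an added example; it is not part of the original post or of any DKIM implementation. The function names and the `"SUCCESS"` result string are assumptions made for illustration, the sample messages are constructed, and "orig-date" is mapped to the `Date` header field, which is what that RFC 5322 rule names.

```python
from email import message_from_string

# Fields listed in the post. RFC 5322's "orig-date" rule is the Date field.
SINGLETON_FIELDS = ("date", "from", "sender", "reply-to", "to", "cc",
                    "message-id", "in-reply-to", "references", "subject")


def duplicated_singletons(raw_message):
    """Return {field: count} for every listed field that occurs more than once.

    Only the header block is inspected; lines in the body that look like
    header fields are ignored. Field names are matched case-insensitively.
    """
    msg = message_from_string(raw_message)
    found = {}
    for name in SINGLETON_FIELDS:
        count = len(msg.get_all(name, []))
        if count > 1:
            found[name] = count
    return found


def apply_singleton_rule(raw_message, signature_results):
    """Override per-signature results (hypothetical strings such as
    "SUCCESS") with PERMFAIL when any listed field is duplicated."""
    duplicates = duplicated_singletons(raw_message)
    if duplicates:
        return ["PERMFAIL"] * len(signature_results), duplicates
    return list(signature_results), duplicates


# Constructed sample: a well-formed message whose body contains a "From:" line.
CLEAN = (
    "From: alice@example.com\n"
    "To: bob@example.net\n"
    "Subject: Report\n"
    "Date: Mon, 01 Jan 2024 10:00:00 +0000\n"
    "Message-ID: <1@example.com>\n"
    "\n"
    "From: this line is body text, not a header field\n"
)

# Constructed sample: the same message with a second From field placed on top,
# the case where top-down display and bottom-up verification disagree.
DUPLICATED = "from: someone-else@example.org\n" + CLEAN

if __name__ == "__main__":
    for label, raw in (("clean", CLEAN), ("duplicated", DUPLICATED)):
        print(label, apply_singleton_rule(raw, ["SUCCESS"]))
```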