>Will your "assume one more From than listed in h=" lead to failed >verifications on messages that actually follow the advice in the RFC >to list duplicate headers in their h= values?
The RFC also says you shouldn't sign messages that aren't RFC 2822. So pick your poison. I have to say it's a little surreal to have these arguments about what changes to make to avoid the horrors of a duplicate From: attack that is and likely will always be entirely hypothetical, when we can't even get our act together to deprecate the l= option, including l=0. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html