On 11 Feb 2017, at 21:53, [email protected] wrote:
Further, how does DKIM prove the message wasn't altered? To my knowledge, SPF proves the message came from a qualified server and DKIM proves the FQDN is a match.
DKIM signs a hash of the canonicalized message body and the set of headers specified in the signature. Modify the body or any of those headers, the signature breaks.
