I would agree with your statement if you put the word "deployers" between DKIM and MUST. > -----Original Message----- > Unfortunately, the norm is not to make these checks because only DKIM > invites the possible exploit. DKIM MUST accept the role of preventing the > exploit it invites.