SM wrote: > It may be better not to suggest A-R header removal unless the header > contains the inbound verifier's hostname to avoid breaking the signature. I believe in fact that that's the ONLY place it should be mandated.