On 2022-07-17 10:29, Dominik George wrote:
tl;dr: DKIM-signed mail is verifiable, but only the headers; the body can be tampered with
That's not true. The body is always part of the signature (in a strict or relaxed way).
> The Signer/Verifier MUST compute two hashes: one over the body of the > message and one over the selected header fields of the message.