On 2010-10-13 at 08:13 -0700, Todd Lyons wrote: > In the IETF-DKIM mailing list, it came to light that an attacker could
> send a properly signed email with the attacker's domain, but prepend a
> second From: header that says it's from someone@???, and MUA's
> will show the second From. It doesn't screw up the signature because
> the original From: is what is used to verify the signature. At issue
> is that RFC 5532 requires that an email have only one From: header.
