Mark Sapiro writes:
The second problem is what good is even a valid DKIM sig of only a subset of the parts of a message? I.e., if I can take a valid DKIM signed message and add my own MIME part(s) without any cooperation from the original signer, what is the meaning of the sig in this case?
Note that this already has precedent in that not all header fields need to be signed, and in that DKIM already provides a (mostly unused) content-length parameter that would allow adding arbitrary material as a footer (I do mean arbitrary, most MUAs still understand uuencode).
It means that a paranoid MUA won't display the unsigned content at all, and a cautious MUA will take actions like disabling links, displaying with a warning theme, or even presenting those parts as buttons accompanied by warning messages so that the user would have to explicitly request display.
In the end, the semantics of signed or unsigned content are up to the receiver, but I think the above ideas are pretty obvious ways to treat such messages.