Incoming SMTP in the year 2017 and absence of DKIM (fwd)

In article <>,

The only way that I can think of is for the originating mail server to
DKIM sign the message twice, 1st with the classic DKIM-Signature w/o the
!fs tag, and 2nd with a DKIM-Signature that includes the !fs tag with a
value of of the recipient's domain.

Is this what you were intending? A list of DKIM-Signatures linked via
!fs tags?

Yup, with the chain typically having no more than one or two links,
since legit forwarding of the kind that might break DKIM is pretty
rare more than two deep.

If I do understand correctly, I think that it's intriguing. I'm not
aware of anything else that would work quite the same way.

That was the plan. I thought it was pretty clever, but like I said, the large mail systems that developed ARC wanted to put the control with the recipients, not the senders.