----- Original Message -----
From: "Douglas Otis" <dotis(_at_)mail-abuse(_dot_)org>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
This is indeed a common refrain. Until MUAs are modified, DKIM
offers no such protection however.
You are limiting your scope to offline world. What about the online world?
When MUAs are modified, the signing-domain should be made
visible in some manner.
In the perfect world of "chain of trust", the users just wants to see:
This could by done when an initial message is received, where
the user is asked to approve these identifiers.
Why can't his ISP do it for him?
Anytime an identifier appears to have changed, or another
message looks like a message with retained identifiers,
they should be alerted.
Why bother and confuse the user at all?
In that case, there would no need for an SSP scheme.
I love your ethusiam. But its not doing it for me. Sorry.
This could be enhanced by offering recommendations
contained directly within the signature on the scope
of identifier needed to isolate the author.
Is this at the 821 level?
Hector Santos, Santronics Software, Inc.
ietf-dkim mailing list