"Rand Wacker" replied:
On Sat, 7 Aug 2004, Chris Haynes wrote:
The draft states that "in order to avoid this attack, MUAs will need to
displaying at least the header that was verified".
My concern is the need for new MUA purchases.
Why can't the server-side check modify the message to display the results
in an MUA-compatible way similar to the way that SpamAssassin modifies
bodies and (optionally) headers today?
Could you please supply an example of the modifications you propose in such a
1) It is displayable in Outlook Express
2) The display could not have been forged by the sender