But how do you tell, automatically, that a message is from a "bank",
and therefore ought to be ignored if it is not whitelisted?
Your computer doesn't tell automatically, you tell by looking at it.
This is a task that humans do much better than computers do. As I
said:
On the other hand, if we encourage whitelists of real banks, the
user's model is like this:
1) Incoming message appears to be from a bank.
2) Does the MUA show the golden dollar sign that means it's from a
real bank?
3) Done.
As I hope is obvious here, I'm assuming that existing organizations
that know who the real banks are, such as the FSA in the UK and the
FDIC in the US will certify their members and somehow associate a logo
with the certification. That's technically trivial.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html