+1
Damon Sauer
On 11/29/06, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
On Nov 29, 2006, at 3:42 AM, Eliot Lear wrote:
> Charles Lindsey wrote:
>>
>> I utterly fail to see why what is displayed to the user is of the
>> least relevance.
>
> Because it's very possible UAs will indicate whether a message is
> signed or not. This is already done with various plugins.
The same plug-ins can also verify an associative policy regarding
other headers as well. Being signed might be for entities found in
the 2822.From, the 2822.Sender, or for the 2821.MailFrom (to help
ensure DSNs). Annotation of a message being signed by itself is of
little value. Being "signed" and "recognized" is what is important
when the desire is to curtail spoofing. This "recognition" should
not be visual. Because a great deal of email is sent by entities not
found within the 2822.From header, being able to "recognize" other
headers becomes important when extending protection for this portion
of the email traffic. Leaving holes in what gets protected only
invites abuse.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html