John Levine wrote:
Sometimes the bad guys fake the From: line address, a lot of times
they don't even bother. It is ridiculous to assert that anything like
SSP would make a meaningful difference in the amount of phishy stuff
MUAs show their users.
Right, first we have to decide which color the MUA will paint the
background of the From: header to indicate whether it's trustworthy or
not.
(This is a joke, of course -- but not entirely. I actually had that
conversation in my last job. I bet some of the rest of y'all have, too.
There's no best practice to fall back on yet.)
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html