Eliot Lear wrote:
I now get what people are saying, thanks to you and John Levine in
particular. I still believe that the From address requires protection
in SSP. UIs can at least take a stab at protecting the user by
matching display strings to what is in their address book. They can
also warn people about SSP or DKIM "protected" domains that have not
previously been seen to prevent the spammers' favorite trick of being
the first to use technology ;-) That's not something we can or should
standardize here today, but let's also not throw the baby out with the
bath water.
I also believe that user-visible information should be more trustworthy
than it is today, but I don't think that protection should be shoehorned
into DKIM+SSP. The real problem is that most MUAs simply don't show
users the more reliably trustworthy identities, and we won't fix that
here.
What we /can/ do is strengthen the identities that DKIM already deals
with, and thus enable MUA developers to experiment with different ways
of showing this information to the users.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html