Graham Murray wrote:
An MUA does not have to do filtering in order to support DKIM. It could
display the Authentication Results header, or take some action depending
on whether there is a valid DKIM signature - in a similar way that some
web browsers will turn the URL bar green when the site presents a valid
'extended validation' certificate.
I think this is a very bad idea. Many people with quite a bit of technical
knowledge struggle to grasp what DKIM really does (I am, or used to be, among
them). What it really does (cryptographically attach a domain name to an email)
is of little value to the end user.
Worse, there are plentiful examples where this may be misleading to the end
user. Think of a phish with a valid DKIM signature (of the phisher's domain).
Or an email DKIM-signed by Gmail from your friend who "is in London, had all
his possessions stolen and asks if he can borrow $2000 ASAP"; the fact that
Gmail signed the message doesn't make it any less likely that your friend's
account hasn't been hacked into. I am not a psychologist, but I believe that to
many an end user a valid signature will suggest the email should somehow be
trusted.
(Taking some action, such as putting a message in an appropriate folder, or
giving it a blue background, based on a valid DKIM signature of a valid domain
is a different matter.)
Martijn.
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
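
The folder-style action mentioned in the closing parenthesis above can be sketched as follows. This is an added example, not part of the original message: it files mail by DKIM signing domain, using only Authentication-Results headers written by the recipient's own server. The names KNOWN_DOMAINS, TRUSTED_AUTHSERV and all domains and sample messages are constructed assumptions, and the header parsing is simplified (it assumes no ";" inside comments).

```python
import re
from email import message_from_string

# Hypothetical local policy: signing domains the user chose to act on.
KNOWN_DOMAINS = {"bank.example": "Bank", "lists.example": "Lists"}
# Hypothetical authserv-id of the user's own receiving server.
TRUSTED_AUTHSERV = "mx.recipient.example"

def dkim_pass_domains(msg):
    """Return d= domains with dkim=pass, as reported by our own server only."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\s+", " ", str(value))  # unfold the header
        authserv, _, results = value.partition(";")
        if authserv.strip().split(" ")[0].lower() != TRUSTED_AUTHSERV:
            continue  # not written by our server; the sender may have added it
        for result in results.split(";"):
            passed = re.match(r"\s*dkim=pass\b", result, re.I)
            d = re.search(r"\bheader\.d=([\w.-]+)", result, re.I)
            if passed and d:
                domains.add(d.group(1).lower())
    return domains

def choose_folder(raw):
    """A valid signature alone changes nothing; only a known domain does."""
    msg = message_from_string(raw)
    for domain in sorted(dkim_pass_domains(msg)):
        if domain in KNOWN_DOMAINS:
            return KNOWN_DOMAINS[domain]
    return "Inbox"

# Constructed sample messages.
GENUINE = ("Authentication-Results: mx.recipient.example;\n"
           " dkim=pass (good signature) header.d=bank.example\n"
           "From: Bank <news@bank.example>\nSubject: Statement\n\nbody\n")
# Validly signed, but by the sender's own unrelated domain.
PHISH = ("Authentication-Results: mx.recipient.example;"
         " dkim=pass header.d=phisher.example\n"
         'From: "Your Bank" <alert@phisher.example>\nSubject: Urgent\n\nbody\n')
# Authentication-Results header inserted by someone other than our server.
FORGED = ("Authentication-Results: mx.sender.example;"
          " dkim=pass header.d=bank.example\n"
          "From: Bank <news@bank.example>\nSubject: Urgent\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("phish", PHISH), ("forged", FORGED)):
        print(name, "->", choose_folder(raw))
```
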