ietf-dkim

Re: [ietf-dkim] detecting header mutations after signing

2010-10-19 05:39:49


--On 19 October 2010 02:55:15 +0000 John Levine <johnl(_at_)iecc(_dot_)com> wrote:

> Personally, I have no idea which signing domains are credible and
> which aren't, and I have no interest in my MUA showing them to me so I
> can try and guess.  That's much better handled in the MTA or MDA,
> using something like VBR to check the signer's credibility.


Yeah, but this is the overriding assumption for any display to the user: 
that the user is going to do the reputation assignment. Now, if the 
signature is verified, the verifying domain matches the From: header, and I 
know and trust the owner of the sending account, then I'm going to be 
fairly confident. Of course, there's always the possibility that the 
account has been compromised, though...


-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
