ietf-dkim

Re: [ietf-dkim] detecting header mutations after signing

2010-10-20 11:10:56


--On 19 October 2010 11:35:53 -0400 "John R. Levine" 
<johnl(_at_)iecc(_dot_)com> wrote:

True, but there already are UI designs that indicate when a From header
is DKIM verified.

So you're saying that all a spammer has to do is to put on a throwaway
domain's signature, and the MUA will highlight at least parts of the
message with green goodness?  Surely our understanding of domain
reputation is better than that.

I believe that's the basis of this whole discussion, isn't it? The point is 
that the MUA tells you whether the header was signed, and leaves you to 
apply the domain or address reputation. I think that's a step forward. At 
least, it is when I know the purported author. And, surely I'm better at 
assigning reputation to -say- my brother than any automated system is.

But, hey, I'm on your side here. I think we should put a warning in the RFC 
so that vendors are informed that they need to be sure they're highlighting 
the correct header.

Any chance you can tell me which MUAs have this misfeature, so I can tell
people to return them and ask for a refund?

R's,
John



-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
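
Added example, not part of the message above or of any MUA's code: one way a mail client could check that the From header it highlights is the instance a DKIM signature covers, using the bottom-up header selection that the h= tag implies. It assumes the client displays the first From header and that a separate DKIM verifier has already reported a pass; the function names and the sample message are constructed for illustration.

```python
from email import message_from_string

def parse_h_tag(sig_value):
    """Return the lower-cased header names listed in a DKIM-Signature h= tag."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = "".join(value.split())  # drop folding whitespace
    return [name.lower() for name in tags.get("h", "").split(":") if name]

def check_displayed_from(raw):
    """Report which From instances the signature covers.

    DKIM selects instances of a repeated header from the bottom of the
    header block upward, one per occurrence of the name in h=.
    Assumption: the client shows the first (top-most) From header.
    """
    msg = message_from_string(raw)
    names = [name.lower() for name, _ in msg.items()]  # top to bottom, duplicates kept
    from_pos = [i for i, n in enumerate(names) if n == "from"]
    n_signed = parse_h_tag(msg.get("DKIM-Signature", "")).count("from")
    signed = sorted(from_pos[::-1][:n_signed])
    displayed = from_pos[0] if from_pos else None
    return {
        "from_positions": from_pos,
        "signed_positions": signed,
        "displayed_is_signed": displayed in signed,
    }

# Constructed sample: a second From header sits above the signature.
SAMPLE = (
    "From: Display Name <author@example.org>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=signer.example; s=sel;\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: someone@signer.example\n"
    "To: reader@example.net\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(check_displayed_from(SAMPLE))
```

A client that finds displayed_is_signed false should not mark the displayed From as DKIM verified.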

