Hallam-Baker, Phillip writes:
MASS should behave in exactly the same way that S/MIME should: treat a
broken signature in EXACTLY the same way that an unsigned message is
treated.

We should note there is another case where you can say that
something is actually bad: when the signature verifies, but
the home domain doesn't authorize it. This is your
"phishing" case (or at least, it may be due to phishing).
In this case, I paint my messages up red so that I can see
that something looks suspicious. This is also interesting in
conjunction with a home domain policy which says "I sign
everything".

Mike