On Tue, 31 Aug 2004, Yakov Shafranovich wrote:
Note the list arguments about silently swallowing emails and then think
why these arguments are relevant (hint: swallowing email on MUA level).
It is clear to me from the entire Sender-ID development from its roots
in the ASRG, as well as the information I heard directly from Microsoft
employees on the subject, is that the Sender-ID standard is intended to
be deployed on the MUA level by Microsoft. Of course, they are free to
correct me.
SenderID can not reliably be used at MUA level and in my opinion should
not be used there. See my long object on this very topic at:
http://www.imc.org/ietf-mxcomp/mail-archive/msg03769.html
This was however discussed more at spf-discuss, my arguments there are:
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200408/1237.html
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200408/1255.html
Unless I'm mistaken the same arguments were expressed before by others too
but I only have copies of my own posts to find them in archive.
My recomendation for MUA support is to require MTAs that do MARID record
checks to add special received header (or specified fields in normal
received header) and for MUAs to look for this header and if it is the
one from the top-most Received header only then can MUA show to the
user that certain from address is MARID verified, in such received
header should already contain PRA address, which is the one MUA can show
to the user (this is not to say MUA can't show other address that are
typically involved in PRA to the user, but that is optional and carries
no assurances that those addressed were ever checked).
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net