Eric Allman wrote:
My own view is that MUAs can adapt to making use of this header (or
its successors, such as an ESMTP and/or IMAP extension) to acquire
border MTA authentication results and use that information to
indicate to the user, either graphically or by actual message
action (e.g. procmail), which messages could be trusted with
respect to their authenticity and which could not.
Murray, I have to disagree with you here, but at the same time I want
to thank you for making my thoughts on deleting A-R headers clear.
I don't believe that raw authentication status should be presented to
end users. Authentication status needs to be combined with reputation
of some sort (even if that's just user white lists) first. Things like
the cousin domain problem and the display name problem make display of
raw authentication status inappropriate.
Thus, I do not believe that A-R is really for use in MUAs. It is to
pass information downstream without SMTP extensions.
I don't see how these two things follow. Just because you don't want to show
the raw auth-res (which I agree), doesn't mean that it's not for use in
MUA's.
Even if you believe it needs to be tied somehow to reputation, that doesn't
mean that it has to happen before an MUA.
Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html