Michael Thomas wrote:
Eric Allman wrote:
True, you could combine the A-R value with reputation in the MUA, but
that implies that you're going to have some at least moderately
sophisticated code in the MUA --- sophisticated enough that it can
figure out which A-R fields are appropriate. And I believe (i.e., it
is my opinion) that in most cases combining reputation results will
come before the MUA.
One could use A-R to include reputation query results as well, declaring
"reputation" as a method. Then the MUA or filtering agent could use
simpler rule sets to use the A-R data to put both DKIM and reputation
results together to make a rendering or filtering decision.
Ah, yes. That I totally agree with. That's part of why I'm so wary of
passing
cross-domain auth-res downstream is that somebody could easily get fooled
due to the limited nature of those filtering capabilities. But it's
not hard to
envision, say, a Thunderbird plugin that does those things. I think that
environment is pretty rich in comparison.
I think I concur; I believe common MUAs like Thunderbird and filtering
agents like procmail will quickly adapt once this or some other means of
relaying authentication and reputation data become widespread.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html