Tony Hansen wrote:
Not at all. MUAs shouldn't just *display* the results of A-R as an
indication of goodness/badness of the sender. However, it can certainly
process the A-R information and *combine* it with reputation and/or
accreditation information in order to generate something that CAN be
displayed to the end user.
I think MUAs should be free to indicate, without even consulting
reputation, an authentication result that fails (i.e. a forgery of some
kind).
The opposite, expressing "you should trust this", definitely requires
reputation.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html