Eliot Lear wrote:
Tony Hansen wrote:
Eliot Lear wrote:
So I think in summary we need clearer text on the applicability of this
header, the jist of which should be that MUAs SHOULD NOT in general
process it as authentic information.
Not at all. MUAs shouldn't just *display* the results of A-R as an
indication of goodness/badness of the sender. However, it can certainly
process the A-R information and *combine* it with reputation and/or
accreditation information in order to generate something that CAN be
displayed to the end user.
Ok, well then we don't agree. The information simply cannot be trusted
unless it's signed, and if it's signed there will be agents that can't
verify it. I can tell you that I would encourage administrators to
strip it at the border because of the risk of misinterpretation and
spoofing. This having been said, the wording used in Section 3.1 is
close. I would make the first two SHOULD NOTs MUST NOTs.
I think you're talking past each other: I don't think that Tony's weighing
in on the cross-domain part of this debate. Only that an MUA can use it
if available.
Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html