[william(at)elan.net]
Also in draft-leibzon-responsible-submitter-00 in section 5.4.1 I did write
what MUAs should do, so please let me know if you're ok with below text:
-----------------------------------------------------------------------
5.4.1 Displaying Verification Results in MUA
When displaying a received message, an MUA SHOULD check message for
Authentication-Results headers and if last entered such header is
proceeded only by Received and Return-Path trace headers which appear
to have been added by MDA or by other MTAs which are known to be on
the same network as MUA, then MUA should display the value of
Responsible Submitter as found in "envelope-submitter" as well as
display to the user the results of SPF verification.
If email address of Responsible Submitter is the same as address in
one of the "From:" headers, then MUA should show that email address
as email origin and indicate by some means that it has been SPF-
verified based on submitter identity. If header "From:" address is
not the same, then origin of the email should be indicated as being
that of Responsible Submitter with email listed as having been sent
on behalf of the party listed in "From:" header. It should be made
clear that only Responsible Submitter part of the email origin has
been SPF-verified and not the header "From:" address part.
MUA may also want to find envelope-submitter values from all
"Authentication-Results:" headers as well as "Sender:" and all
"From:" headers and display them as addresses responsible for
transmission of the message.
This looks great to me. I love to see standards documents that think
about the (possibly non-technical) end user; far too few RFCs do this
IMHO.
You might also consider making the display of 2821.From verification
status and domain a SHOULD.
Regards,
Ryan