Franck Martin writes:
> I think we need to give advice to MUAs, while letting MUA
> developers some liberty on how to interpret it.
>
> I'm proposing the following text to be added to the DMARC spec
>
> "MUAs SHOULD display to the end user, in UTF8 (and punycode), in a
> non ambiguous font, the domain used for the assertion of the DMARC
Isn't the "domain used for assertion" normally called the Author
Domain?
> policy, as well as the result of this assertion. A non ambiguous
> font is a font where the graphical representation of a chararcter
> is not identical to the graphical representation of another
> chararcter in the same font"
>
> If we know what a non ambiguous font is, then may be we could
> specifiy the font name.
Unfortunately, there is no such thing. For example, the glyph that
represents "A" is very likely to be used for the corresponding
character in all of the Latin, Greek, and Cyrillic scripts. Even if
the glyphs for such confusable characters are clearly distinct in each
script, it would require a very carefully designed font to ensure that
most users would be able to reliably decide which glyph represents the
character from which script.
I would suggest
MUAs SHOULD indicate the domain used for the assertion of the DMARC
policy, and SHOULD also display internationalized domain names
[IDNA = RFC 3490] as Punycode [PUNYCODE = RFC 3492]. MUAs MAY
highlight a confusable character [UTS #39] if its script differs
from the surrounding characters, or otherwise indicate different
scripts in the domain name.
I'm not wedded to that language, and the part about highlighting
confusables needs refinement.
I wonder if it might not be a better idea to say that in the case of
identity alignment *failure*, the MUA should clearly indicate this
fact, as well as the Author Domain?
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
