>>G) Annotation? > > Annotation should take place at the MUA or entity with access to the > addressbook or signatures should not be annotated. Without the effort > joined by MUA and web client (browser extensions) vendors, DKIM is not > likely to increase phishing catch rates.
Your statement is less emphatic and better. Perhaps why could be included however. How about: Annotation applied at the MTA will likely invalidate signatures and prevent more accurate annotations from being applied by end user applications. Applying annotations should require valid signatures that are signed on behalf of a _trusted_ entity. Determination of trust is more accurately accomplished by the end user. The basis of end user assessments will likely rely upon out-of-band methods not available to the MTA. These lists might be represented by the recipient's address book, for example. Without the effort joined by MUA and web client (browser extensions) vendors, DKIM is not likely to increase phishing catch rates. -Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html