>> What is the value proposition that DKIM offers that incentivizes people >> to adopt it? > > I'll take a crack at that: DKIM offers the MUA enough data to know what > parts of a message to be rendered can be considered "valid" inasmuch as > someone (the signer) took responsibility for it.
I have to disagree. DKIM offers the ability for a domain to take responsibility for a message. A signing domain with any sense will sign messages in a way that ensures that they don't get smashed between the time they're signed and the time they're rendered, so the whole thing is "valid". While it's certainly possible to create signatures that don't include the To:, Date: or Subject: lines and have l=0, I doubt that a signer who did that would earn a reputation good enough for anyone to care whether they signed a message or not. Also, although I certainly do not purport to be a whiz at UI design, it's hard to think of a more pessimal UI design than one that tries to tell Grandma what parts of a message to believe with changing colors or fonts in various parts of the message window. She can barely grasp the difference between a green bar SSL page and one with no SSL. I don't want to mess with the MUA at all, but rather use DKIM to help decide what messages to show her and which messages to consign to the junk folder. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html