--On 19 October 2010 11:35:53 -0400 "John R. Levine" <jo...@iecc.com> wrote:
>> True, but there already are UI designs that indicate when a From header >> is DKIM verified. > > So you're saying that all a spammer has to do is to put on a throwaway > domain's signature, and the MUA will highlight at least parts of the > message with green goodness? Surely our understanding of domain > reputation is better than that. I believe that's the basis of this whole discussion, isn't it. The point is that the MUA tells you whether the header was signed, and leaves you to apply the domain or address reputation. I think that's a step forward. At least, it is when I know the purported author. And, surely I'm better at assigning reputation to -say- my brother than any automated system is. But, hey, I'm on your side here. I think we should put a warning in the RFC so that vendors are informed that they need to be sure they're highlighting the correct header. > Any chance you can tell me which MUAs have this misfeature, so I can tell > people to return them and ask for a refund? > > R's, > John -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html