--On 19 October 2010 02:55:15 +0000 John Levine <[email protected]> wrote:
> > Personally, I have no idea which signing domains are credible and > which aren't, and I have no interest in my MUA showing them to me so I > can try and guess. That's much better handled in the MTA or MDA, > using something like VBR to check the signer's credibility. > Yeah, but this is the overriding assumption for any display to the user: that the user is going to do the reputation assignment. Now, if the signature is verified, the verifying domain matches the From: header, and I know and trust the owner of the sending account, then I'm going to be fairly confident. Of course, there's always the possibility that the account has been compromised, though... -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
