It appears that Michael Thomas via NANOG <[email protected]> said:
>Email doesn't even have that. Thunderbird, which is what I use, has
>precisely *nothing* to say about DKIM/SPF/DMARC.

Well, yeah. As you surely know as well as anyone, if a message is authenticated that tells you nothing about whether it's mail you want or mail that's malicious. For that you need a reputation system that knows something about the domain that's authenticated. That seems a lot easier to do at delivery time and put the bad ones in the Junk folder, or don't deliver them at all.

>Do you have any visibility into, say, MAAWG and why they don't take this
>up as a standards effort?

Honestly, they'd just laugh. It's not a new idea, and there is a great deal of experience that says asking users to make security decisions in the UI mostly adds confusion.

On the other hand, if you use Thunderbird, I don't think it'd be very hard to write a plugin that looks at the Authentication-Results: header and adds locks or skulls and crossbones to the message display. Try it, tell us how you like it. You can start with this one:

https://addons.thunderbird.net/en-US/thunderbird/addon/dkim-verifier/

R's,
John
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/ZKODZNYV5ZDW322P6IU52G56SSYTCCWN/
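
Added example, not part of the original message and not code from the dkim-verifier add-on: a JavaScript sketch of the Authentication-Results check the message describes, mapping a message's headers to a lock, a skull or no indicator. The authserv-id `mx.example.net`, the function names and the sample header values are assumptions constructed for illustration; a "lock" here means only that the From domain authenticated, not that the mail is wanted.

```javascript
// Added example. Assumption: your receiving MTA stamps this authserv-id (RFC 8601).
const TRUSTED_AUTHSERV_ID = "mx.example.net";

// Drop RFC 5322 comments "( ... )", including nested ones, and collapse whitespace.
function stripComments(s) {
  let depth = 0, out = "";
  for (const ch of s) {
    if (ch === "(") depth++;
    else if (ch === ")" && depth > 0) depth--;
    else if (depth === 0) out += ch;
  }
  return out.replace(/\s+/g, " ").trim();
}

// Parse one header value into { authservId, results: [{ method, result, props }] }.
// Simplification: assumes no ";" inside quoted strings.
function parseAuthResults(value) {
  const parts = stripComments(value).split(";").map((p) => p.trim()).filter(Boolean);
  const authservId = (parts.shift() || "").split(" ")[0].toLowerCase();
  const results = [];
  for (const part of parts) {
    const m = /^([a-z0-9-]+)\s*=\s*([a-z]+)/i.exec(part);
    if (!m) continue; // e.g. the bare "none" that means no method was run
    const props = {};
    for (const [, k, v] of part.matchAll(/([a-z0-9-]+\.[a-z0-9-]+)\s*=\s*("[^"]*"|\S+)/gi)) {
      props[k.toLowerCase()] = v.replace(/"/g, "").toLowerCase();
    }
    results.push({ method: m[1].toLowerCase(), result: m[2].toLowerCase(), props });
  }
  return { authservId, results };
}

// Map a message's headers to "lock", "skull" or "unknown" for the display.
function indicator(headerValues, fromDomain) {
  // Ignore headers not stamped by our own receiver: the sender can forge those.
  const all = headerValues.map(parseAuthResults)
    .filter((h) => h.authservId === TRUSTED_AUTHSERV_ID)
    .flatMap((h) => h.results);
  const from = fromDomain.toLowerCase();
  const dmarc = all.find((r) => r.method === "dmarc" && r.props["header.from"] === from);
  if (dmarc && dmarc.result === "fail") return "skull";
  if (dmarc && dmarc.result === "pass") return "lock";
  // No DMARC verdict: accept a DKIM pass whose d= exactly matches the From domain
  // (strict alignment; relaxed alignment would need the Public Suffix List).
  const aligned = all.some((r) => r.method === "dkim" && r.result === "pass" && r.props["header.d"] === from);
  return aligned ? "lock" : "unknown";
}
```
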
