[mail-vet-discuss] What is the A-R header really for?

[Eric Allman]

> My own view is that MUAs can adapt to making use of this header (or
> its successors, such as an ESMTP and/or IMAP extension) to acquire
> border MTA authentication results and use that information to
> indicate to the user, either graphically or by actual message
> action (e.g. procmail), which messages could be trusted with
> respect to their authenticity and which could not.

Murray, I have to disagree with you here, but at the same time I want 
to thank you for making my thoughts on deleting A-R headers clear.

I don't believe that raw authentication status should be presented to 
end users.  Authentication status needs to be combined with 
reputation of some sort (even if that's just user white lists) first. 
Things like the cousin domain problem and the display name problem 
make display of raw authentication status inappropriate.

Thus, I do not believe that A-R is really for use in MUAs.  It is to 
pass information downstream without SMTP extensions.

eric