[mail-vet-discuss] What is the A-R header really for?
Michael Thomas
mike at mtcc.com
Tue Oct 16 10:57:04 PDT 2007
Eric Allman wrote:
>> My own view is that MUAs can adapt to making use of this header (or
>> its successors, such as an ESMTP and/or IMAP extension) to acquire
>> border MTA authentication results and use that information to
>> indicate to the user, either graphically or by actual message
>> action (e.g. procmail), which messages could be trusted with
>> respect to their authenticity and which could not.
>
> Murray, I have to disagree with you here, but at the same time I want
> to thank you for making my thoughts on deleting A-R headers clear.
>
> I don't believe that raw authentication status should be presented to
> end users. Authentication status needs to be combined with reputation
> of some sort (even if that's just user white lists) first. Things like
> the cousin domain problem and the display name problem make display of
> raw authentication status inappropriate.
>
> Thus, I do not believe that A-R is really for use in MUAs. It is to
> pass information downstream without SMTP extensions.
I don't see how these two things follow. Just because you don't want to show
the raw auth-res (which I agree), doesn't mean that it's not for use in
MUA's.
Even if you believe it needs to be tied somehow to reputation, that doesn't
mean that it has to happen before an MUA.
Mike
More information about the mail-vet-discuss
mailing list