[mail-vet-discuss] What is the A-R header really for?
Eliot Lear
lear at cisco.com
Wed Oct 17 02:27:23 PDT 2007
Tony Hansen wrote:
> Eliot Lear wrote:
>
>> So I think in summary we need clearer text on the applicability of this
>> header, the jist of which should be that MUAs SHOULD NOT in general
>> process it as authentic information.
>>
>
> Not at all. MUAs shouldn't just *display* the results of A-R as an
> indication of goodness/badness of the sender. However, it can certainly
> process the A-R information and *combine* it with reputation and/or
> accreditation information in order to generate something that CAN be
> displayed to the end user.
>
>
Ok, well then we don't agree. The information simply cannot be trusted
unless it's signed, and if it's signed there will be agents that can't
verify it. I can tell you that I would encourage administrators to
strip it at the border because of the risk of misinterpretation and
spoofing. This having been said, the wording used in Section 3.1 is
close. I would make the first two SHOULD NOTs MUST NOTs.
Eliot
More information about the mail-vet-discuss
mailing list