[mail-vet-discuss] What is the A-R header really for?

Charles Lindsey chl at clerew.man.ac.uk
Wed Oct 17 03:41:09 PDT 2007 

On Tue, 16 Oct 2007 21:54:58 +0100, Michael Thomas <mike at mtcc.com> wrote:

> Eliot Lear wrote:
>> So I think in summary we need clearer text on the applicability of this
>> header, the jist of which should be that MUAs SHOULD NOT in general
>> process it as authentic information.
>
> Hold on... I don't think that Eric and I would go that far. I think the  
> sense
> we agreed on is that it's not suitable for human display directly, and  
> that
> simple mua filter pattern matchers are likely to not be very suitable  
> either.
> An mua that wants to process it using some real programming language
> (fsvo "real") shouldn't be discouraged though. I'm more neutral on his
> point about reputation, but I think that's orthogonal to the mua  
> question.

Certainly, MUAs should not be showing the A-R header _by_default_, but if  
the user explicitly configures his MUA to show it (most MUAs allow that),  
then we should presume the user knows what he is looking for.

But current MUAs are completely unaware of this header, so what we are  
really concerned about it future MUAs that will recognise it. And if  
someone has gone to the trouble of upgrading an MUA to make use of this  
header, then it is reasonable to assume that he will have built in a  
sufficiently sophisticated algorithm (that knows, for example, what the  
'boundary' MTA for that particular email should be) that can deliver a  
sensible outcome (configurable to suit what the user wants).

So the purpose of adding this header is to do it at a point where the  
facilities for doing the checking are readily available (which may not be  
the case at the MUA, which may be operating offline). And that point is  
also the best place to look up reputations, etc.

Which suggests that this header, in addition to saying "we checked the  
signatures with such and such result" should also be able to say "and we  
looked up the reputation of the signer in XXXX registry, which reported it  
as 'abysmal'/whatever".

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       
   Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

More information about the mail-vet-discuss mailing list