[mail-vet-discuss] What is the A-R header really for?
Michael Thomas
mike at mtcc.com
Wed Oct 17 08:10:28 PDT 2007
Eliot Lear wrote:
> Tony Hansen wrote:
>
>> Eliot Lear wrote:
>>
>>
>>> So I think in summary we need clearer text on the applicability of this
>>> header, the jist of which should be that MUAs SHOULD NOT in general
>>> process it as authentic information.
>>>
>>>
>> Not at all. MUAs shouldn't just *display* the results of A-R as an
>> indication of goodness/badness of the sender. However, it can certainly
>> process the A-R information and *combine* it with reputation and/or
>> accreditation information in order to generate something that CAN be
>> displayed to the end user.
>>
>>
>>
>
> Ok, well then we don't agree. The information simply cannot be trusted
> unless it's signed, and if it's signed there will be agents that can't
> verify it. I can tell you that I would encourage administrators to
> strip it at the border because of the risk of misinterpretation and
> spoofing. This having been said, the wording used in Section 3.1 is
> close. I would make the first two SHOULD NOTs MUST NOTs.
>
I think you're talking past each other: I don't think that Tony's weighing
in on the cross-domain part of this debate. Only that an MUA can use it
if available.
Mike
More information about the mail-vet-discuss
mailing list