On Thu, 2005-02-03 at 15:57 +0100, Tom Kistner wrote:
> My MUA says it's from tom@???.[*]
Yeah, but many MUAs will say that anyway, even if I do:
From: 'tom@???' <dwmw2@???>
What the MUA displays today is useless. If you want the user to know
about how trusted the message is, you have to modify the MUA anyway.
And by the time the user is looking at the message, it's too late. I
don't care who it claims to come from; if it's offering me a way I can
enlarge my penis, I know that I don't really want to read it anyway.
What I want DK for is to reject mail which is faked so that it never
gets as far as the MUA in the first place.
> You never give up right? :)
Just trying to make sure we understand each other :)
> My definition of "unuseable" with MLMs is
> that the MLM nukes my good signature. "Sender:" header or not, the
> message could be completely forged and 99% of deployed MUAs will not
> bother showing a "Sender:" header to the user.
OK, that's a perfectly reasonable definition and a good thing to strive
for. Unfortunately it's an expectation which is fairly hard to meet. No
scheme which I'm aware of is usable, given that definition. It's a shame
-- I'd _like_ to manage that, but it's hard. The closest is probably IIM
with its 'number of signed lines' thing. That opens the door for
attackers to append text to the message though, which has its own
problems (especially if you want to allow signing of HTML mail).
--
dwmw2