[Asrg] The state of the email system
Ian Eiloart
iane at sussex.ac.uk
Tue Nov 18 07:57:33 PST 2008
--On 18 November 2008 07:22:46 -0600 Dave CROCKER <dhc at dcrocker.net> wrote:
>> When dkim is widespread, I'd expect my email client to say "don't trust
>> this message" if it can't find a dkim signature.
>>
> Do you use that same model in dealing with people?
>
> You have some set of people you know you can trust, so you mistrust
> everyone else?
Yes. For example, I sometimes get calls from my bank, they start by asking
for my security information. I don't give it to them, because I can't know
who they are. If my phone were fitted with secure caller id, and could
confirm it was the bank calling, then I might think differently.
Actually, I assign different levels of trust to different people.
I guess the phrase "don't trust this message" might not be the best, but
I'd certainly expect my email client to tell me about the dkim status in a
way that was useful to anyone that speaks my language.
Also, I'd want to be able to tell my mail client who my bank is (etc), so
it can tell me when email really is from them, and especially to alert me
when an email is from a close but different address.
> d/
>
--
Ian Eiloart
IT Services, University of Sussex
x3148
More information about the Asrg
mailing list