
It appears that Michael Thomas via NANOG <nanog@lists.nanog.org> said:
The research paper I pointed to disagrees. It's not a panacea, but it's helpful.
I took a look at the paper and was underwhelmed. They were shocked to find that most of the Alexa top 1000 don't have DKIM or DMARC records, and well, duh, that's intended to be a list of the top 1000 web domains most of which don't do mail at all. For the ones that did do DKIM and DMARC, the mail systems did a reasonable job of keeping the forged mail out.
You can start with this one:
https://addons.thunderbird.net/en-US/thunderbird/addon/dkim-verifier/
Authentication-Results is not intended by itself to be a UI element, so that's not what I'm talking about. Any effort would require collaboration with security human factors experts for starters.
A-R tells you whether the DKIM, SPF, and DMARC validations passed. What else would you expect to show? And why do it in the UI rather than at delivery time? R's, John