Signature's e-mail should be cross-checked with sender's address
OpenPGP addon for Mozilla Thunderbird
Brought to you by:
pbrunschwig
Enigmail always displays info about the key of a good signature. However, it does not display a warning when the signature's key's e-mail address is different from the e-mail's "From" address.
Enigmail does display the name and email address of the signing key. I think it's up to the user to check if that was the sender's email.
I just want to say that as an Enigmail user, it is NOT obvious that verifying the sender is the same as the signer is the responsibility of the end user. I think most end users would also expect Enigmail to already do this. Therefore, I think you should treat this as a major bug and not an enhancement.
I know a couple of people sending emails from another email address than the one(s) of their signing keys. Therefore I suggest the warning shouldn't be "too red", as it may well be intended behavior.
However, coming from #377, that issue would probably be visible to more users, if this feature request was implemented...
We decided in the Enigmail team that we won't fix this. This feature is very often used intentionally without trying to spoof anything.
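The cross-check requested in this ticket, as an added example that is not Enigmail code and not part of any comment above. The function names, status values and sample addresses are assumptions, and the signing key's user IDs are assumed to be available as plain strings after a good signature has been verified.

```javascript
// Added example (not Enigmail code). All sample values are constructed.

// Remove RFC 5322 quoted strings so a display name cannot smuggle in a
// decoy address or a comma.
function stripQuoted(s) {
  return String(s).replace(/"(?:[^"\\]|\\.)*"/g, "");
}

// Return the lowercased address from 'Name <addr>' or a bare 'addr',
// or null if no single well-formed address is found.
function extractAddress(mailbox) {
  const s = stripQuoted(mailbox).trim();
  // Use the final <...> group: text before it is only a display name.
  const m = s.match(/<([^<>]*)>\s*$/);
  const addr = (m ? m[1] : s).trim();
  const at = addr.lastIndexOf("@");
  if (at <= 0 || at === addr.length - 1 || /[\s<>,]/.test(addr)) return null;
  // Policy assumption: compare case-insensitively, as most mail systems do.
  return addr.toLowerCase();
}

// fromHeader: raw From header value of the message.
// signerUserIds: user ID strings of the key that made the GOOD signature.
// "mismatch" is a notice, not a failure: the signature itself is still valid.
function checkSignerMatchesSender(fromHeader, signerUserIds) {
  // Several mailboxes in From: no single sender to compare against.
  if (stripQuoted(fromHeader).includes(",")) {
    return { status: "unverifiable", from: null, signerAddresses: [] };
  }
  const from = extractAddress(fromHeader);
  const signerAddresses = signerUserIds.map(extractAddress).filter(Boolean);
  if (from === null || signerAddresses.length === 0) {
    return { status: "unverifiable", from, signerAddresses };
  }
  const status = signerAddresses.includes(from) ? "match" : "mismatch";
  return { status, from, signerAddresses };
}

// Constructed samples: a key with two user IDs, then three From headers.
const uids = ["Alice Example <alice@example.org>",
              "Alice (work) <a.example@corp.example>"];
console.log(checkSignerMatchesSender("Alice <Alice@Example.org>", uids).status);
console.log(checkSignerMatchesSender('"alice@example.org" <mallory@example.net>', uids).status);
console.log(checkSignerMatchesSender("alice@example.org <mallory@example.net>", uids).status);
```

The second and third samples show why the comparison must use the address inside the angle brackets: the display name can carry the signer's address while the actual sender differs.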