Follow
100% agree but I still believe this is doable and not *that* hard on the UI level - browser vendors eventually managed to create a convincing UI for cert validation failures. The problem is that nobody is really expected to ignore unsigned PDFs sent by scammers to registrars.