> I'd just check the web site or directly if it was important to know
What makes you think that the answer you get when you look up
www.iana.org is what the real IANA wanted you to get?
"or directly if it was important to know", choose channel by
degree of certainty you desire.
This is not a Grand Paranoid Call-to-Arms, necessarily, but it seems
odd to distrust a non-signed email but at the same time trust an HTTP
It'd be a simple cross check rather than just trusting either, the
chances of both being compromised should be lower.
Chances of the RIPE site also being compromised are even lower
unless there was an ARIN/RIPE conspiracy in which case we have
bigger problems </xfiles>