> Common sense suggests that
> 1. We have to provide a human-readable representation to the user and
> 2. make him know that the name is IDN in fact.

1, We do, and it doesn't require any occurence of xn-- anywhere in an email
message.

2, Why, exactly? Looking for homographs doesn't help with impostors like
samsung-support.com (relies on non-homographic similarity), swapping е and
ё in the cases where humans are inconsistent, registering м     іст.ru to
attack міст.ua, etc. There are decent ways to protect against the general
threat, why bother with the special case?