spf-discuss

Re: Response to the Bellovin Critique of SPF

2004-01-25 13:40:21


wayne wrote:
> In <2A1D4C86842EE14CA9BC80474919782E0111336D(_at_)mou1wnexm02(_dot_)vcorp(_dot_)ad(_dot_)vrsn(_dot_)com> "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> writes:
>
>> Steve does have a point, there are email clients that display only the
>> display name and not the email address of an email user. So SPF is not the
>> last word on the phishing issue.
>
> Yes, I very much agree.  Anti-phishing systems *REQUIRE* changes to
> the MUA.  They also will likely need changes to MTAs.  I think that is
> way beyond the scope of anything we can deal with here.


Not necessarily... how about modifying the Subject line for example, to "WARNING! This message is likely a forgery!". An approach similar to how SpamAssassin handles spam could do wonders.

No change to the MUA is required. It's possible that no MTA changes are required, aside from configuration changes (milter, procmail based solution, etc.).

Some user education will be required, of course. Hopefully, the warning method would be enough in most cases.

--Rich

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
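
A delivery-time filter of the kind proposed in this message, written as an added example that is not part of the original post or of any SPF implementation. It assumes the receiving MTA records its SPF verdict in a Received-SPF header; the host name mx.example.net, the function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_bytes, policy

WARNING = "WARNING! This message is likely a forgery!"  # wording from the post
TRUSTED_RECEIVER = "mx.example.net"  # assumption: name our own MTA stamps

def spf_verdict(msg):
    """Return the SPF result our MTA recorded, or None if none can be trusted."""
    headers = msg.get_all("Received-SPF") or []
    if not headers:
        return None
    top = str(headers[0])  # MTAs prepend, so the topmost copy is the newest
    # Copies further down, or without our receiver=, may be sender-supplied.
    ours = re.search(r"\breceiver=" + re.escape(TRUSTED_RECEIVER) + r"(?=[;\s]|$)",
                     top, re.I)
    word = re.match(r"\s*([a-z]+)", top, re.I)
    return word.group(1).lower() if ours and word else None

def tag_forgery(raw):
    """Prefix the Subject with WARNING when the trusted SPF verdict is 'fail'."""
    msg = message_from_bytes(raw, policy=policy.default)
    if spf_verdict(msg) != "fail":
        return raw  # pass, softfail, neutral, none: deliver untouched
    subject = str(msg["Subject"] or "")
    if subject.startswith(WARNING):
        return raw  # already tagged; stay idempotent
    if "Subject" in msg:
        msg.replace_header("Subject", f"{WARNING} {subject}")
    else:
        msg["Subject"] = WARNING
    return msg.as_bytes()

# Constructed sample: a sender-supplied "pass" sits below our MTA's "fail".
SAMPLE = (
    b"Received-SPF: fail (mx.example.net: 192.0.2.55 is not permitted)"
    b" client-ip=192.0.2.55; receiver=mx.example.net;\n"
    b"Received-SPF: pass (forged by sender) receiver=mx.example.net;\n"
    b"From: Example Bank <billing@bank.example>\n"
    b"Subject: Verify your account\n"
    b"\n"
    b"Click here.\n"
)

if __name__ == "__main__":
    print(tag_forgery(SAMPLE).decode())
```

The filter reads a message on its way to the mailbox and returns the bytes to deliver, so it can sit behind a procmail pipe or a milter without any MUA change. It is only as trustworthy as the MTA's handling of inbound Received-SPF headers, which should be stripped or at least always preceded by the MTA's own.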