Dave CROCKER wrote:
On 4/30/2010 9:37 AM, Jeff Macdonald wrote:
ESPs have a "forward-to-a-friend" feature for their clients. Its a
feature in which the ESPs creates the content and sends a message from
a friend, to a friend. It would be discarded. However, I'm willing to
say this is a bogus practice.
F2F is a well-established and helpful feature. That some uses of
receive-side
authentication cannot cope with it is a limitation of the
authentication-based
service, not a flaw in F2F.
F2F was created in a kinder, gentler time, when address spoofing wasn't
nearly as much of a problem as it is now. The fact that F2F hasn't
evolved to avoid spoofing users' addresses is a problem that is only
made more tangible by email authentication.
Telnet (on port 23) was also a well-established and helpful protocol.
But the threat landscape changed, and today few of us send our passwords
in the clear. The email threat landscape has similarly changed.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html