On 6/2/2010 4:08 AM, Ian Eiloart wrote:
--On 26 May 2010 14:00:54 -0700 Steve
Atkins<steve(_at_)wordtothewise(_dot_)com>
wrote:
You may win the battle of preventing use
of the string "paypal.com" in the non-displayed part of the From: field,
yet lose the war of protecting your users from phishers.
There's nothing "undisplayed" about the From header in my mail client.
That's nice, but it is no longer typical. Far From: it....
Mail
clients that don't display the From header address probably should not be
used.
As soon as you convince all of the major MUAs to change and as soon as those
changes propagate into the user world, it will be reasonable to worry about
whether displaying the information matters.
That is, it will be reasonable to then ask whether users will assess the
validity of that information and make intelligent decisions based on it.
(Hint:
user interface works makes pretty clear that they won't...)
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html