On Fri, Mar 19, 2004 at 04:38:25PM -0800, Hallam-Baker, Phillip wrote:
-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Mark
C. Langston
Sent: Friday, March 19, 2004 6:49 PM
To: IETF MXCOMP
Subject: Re: When spoofing is.
On Sat, Mar 20, 2004 at 12:15:08AM +0100, Alex van den Bogaerdt wrote:
On Fri, Mar 19, 2004 at 10:58:52AM -0800, Mark C. Langston wrote:
So, how should the recipient identify the entity that
caused the card to
be sent, and how should the recipient reply to that entity?
Why should the recipient identify this entity? Those
postcard sites are
vulnerable to spoofing, let them fix their own problems.
Because Grandma might like to know which of her grandkids sent the
postcard.
From:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org; on behalf of;
Mark C. Langston [mark(_at_)bitshift(_dot_)org]
Reply-To: Mark C. Langston [mark(_at_)bitshift(_dot_)org]
What part of that do you think Grandma will have a problem with?
The bit where her MUA only displays the From:, and none of the "on
behalf of" part (much like many other MUAs. Mutt, for example, which
I'm using now, doesn't display that).
Grandma doesn't parse mail headers manually. Grandma looks at the
"From:" if we're lucky. More often, she just looks at the quoted string
that supplies the supposed name associated with the email address (or
that stored in her address book, which her MUA was kind enough to dredge
up for her).
This sounds like it's headed towards "solution: educate the end users."
Speaking from experience, this never works.
--
Mark C. Langston Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org
mark(_at_)seti(_dot_)org
Systems & Network Admin SETI Institute
http://bitshift.org http://www.seti.org