ietf-mxcomp
[Top] [All Lists]

Re: TECH OMISSION: Stronger checks against email forgery

2004-09-07 09:49:18

Ryan Malayter wrote:

[Yakov Shafranovich]

2. The "Sender" header is being verified over the "From" header. While according to the RFC that is the agent introducing the message into the email system, the "Sender" header is not displayed in MUAs.


This may be one of the rare cases where Microsoft MUAs are "more RFC
compliant" than most others; Outlook 2000 and newer do in fact show a
message with a Sender header as "From <sender header> on behalf of <from
header>".


Is that majority of the installed base? And even if it, if we are worried about broken Microsoft DNS servers which are a minority, then for sure we should worry about broken MUAs as well which are a minority.

Yakov