Re: TECH OMISSION: Stronger checks against email forgery

ietf-mxcomp

Re: TECH OMISSION: Stronger checks against email forgery

2004-09-08 05:49:13


On 7 Sep 2004, at 17:38, Yakov Shafranovich wrote:

I think we are going in circles. Validating the bounce address onlyprevents false bounces but allows phishing, validating "Sender" doesnot stop phishing but allows bounces plus does not take into accountforwarding, validating the "from" headers stops phishing but allowsbounces. Which one of these do we really want?


Validating the "from" headers in no way stops phishing.

It may give us some comfort to think that in some future we might beable to whitelist "from" headers, with some certainty that they aren'tforged, but that's all it does. A whitelist (or reputation list) doesnot stop phishing.


Matt.


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.

For more information please visit http://www.messagelabs.com/email______________________________________________________________________

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: TECH OMISSION: Stronger checks against email forgery, (continued) Re: TECH OMISSION: Stronger checks against email forgery, Yakov Shafranovich Re: TECH OMISSION: Stronger checks against email forgery, Tony Finch Re: TECH OMISSION: Stronger checks against email forgery, Yakov Shafranovich Re: TECH OMISSION: Stronger checks against email forgery, Tony Finch Re: TECH OMISSION: Stronger checks against email forgery, Yakov Shafranovich Re: TECH OMISSION: Stronger checks against email forgery, Douglas Otis Re: TECH OMISSION: Stronger checks against email forgery, Yakov Shafranovich Re: TECH OMISSION: Stronger checks against email forgery, Douglas Otis Re: TECH OMISSION: Stronger checks against email forgery, Yakov Shafranovich Re: TECH OMISSION: Stronger checks against email forgery, Douglas Otis Re: TECH OMISSION: Stronger checks against email forgery, Matt Sergeant <= Re: TECH OMISSION: Stronger checks against email forgery, Chris Haynes RE: TECH OMISSION: Stronger checks against email forgery, Ryan Malayter Re: TECH OMISSION: Stronger checks against email forgery, Yakov Shafranovich

Previous by Date:	Re: TECH-OMISSION (-core): alias-forwarding and multiple recipients, Wietse Venema
Next by Date:	RE: DEPLOY: IPR [was Re: TECH: use fetchmail algorithm to select header address to verify], terry
Previous by Thread:	Re: TECH OMISSION: Stronger checks against email forgery, Douglas Otis
Next by Thread:	Re: TECH OMISSION: Stronger checks against email forgery, Chris Haynes
Indexes:	[Date] [Thread] [Top] [All Lists]