On Thu, 3 Jun 2004, Dustin D. Trammell wrote:
> On Thu, 2004-06-03 at 15:54, Ryan Malayter wrote:
> > Unless I'm missing something, a message with these properties:
> >
> > ENVELOPE-SENDER: someguy(_at_)phisher(_dot_)com (no RFROM)
> > RFC-2822 From: Operations(_at_)FirstNationalBank(_dot_)com
> > RFC-2822 Sender: someguy(_at_)phisher(_dot_)com
> >
> > will pass under the new SPF, assuming phisher.com has valid SPF records.
> > The responsible sender will be evaluated as phisher.com. The message
> > will display in many MUAs as something like:
> >
> > From: someguy(_at_)phisher(_dot_)com on behalf of
> > Operations(_at_)FirstNationalBank(_dot_)com
> >
> > My mother could be fooled by this, thinking phisher.com was somehow
> > associated with her bank.
>
> Especially if 'someguy(_at_)phisher(_dot_)com' looks legitimately associated
> to the emulated entity, something like:
>
> From: dtrammell(_at_)FNB-CustomerService(_dot_)com on behalf of
> Operations(_at_)FirstNationalBank(_dot_)com

Then the user should be fired with prejudice, and probably for gross
misconduct.
S.
--
Shevek http://www.anarres.org/
I am the Borg. http://www.gothnicity.org/
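
The following example is added after the thread and is not written by any of the posters. It shows a receiver-side check for the case discussed above: authentication passes for the responsible sender's domain while the RFC 2822 From header shows a different domain. The header precedence list, the function names and the `spf_pass_domains` set (a stand-in for a real SPF lookup) are assumptions; the thread only states that Sender outranks From.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample reproducing the headers described in the thread.
SAMPLE = """\
Return-Path: <someguy@phisher.com>
From: Operations@FirstNationalBank.com
Sender: someguy@phisher.com
Subject: Account notice

body
"""

# Assumed precedence for picking the responsible address.
# The thread only establishes that Sender is preferred over From.
PRECEDENCE = ("Resent-Sender", "Resent-From", "Sender", "From")


def domain_of(header_value):
    """Return the lower-cased domain of the first address, or '' if none."""
    addr = parseaddr(header_value)[1]
    _, at, dom = addr.rpartition("@")
    return dom.lower() if at else ""


def responsible_domain(msg):
    """Return (header name, domain) of the first usable header in PRECEDENCE."""
    for name in PRECEDENCE:
        dom = domain_of(msg.get(name, ""))
        if dom:
            return name, dom
    return None, ""


def assess(raw, spf_pass_domains):
    """Compare the authenticated responsible domain with the displayed From.

    spf_pass_domains is a hypothetical set of domains whose SPF record
    authorises the connecting host; a real receiver would query DNS.
    """
    msg = message_from_string(raw)
    header, resp = responsible_domain(msg)
    shown = domain_of(msg.get("From", ""))
    return {
        "responsible_header": header,
        "responsible_domain": resp,
        "from_domain": shown,
        "auth_pass": resp in spf_pass_domains,
        # A pass says nothing about the From domain when the two differ.
        "from_mismatch": bool(shown) and resp != shown,
    }
```

A receiver or MUA can use `auth_pass and from_mismatch` as the condition for showing the responsible address prominently or scoring the message, since the pass covers only `responsible_domain`.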