-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday 03 June 2004 02:25 pm, Greg Connor wrote:
Ultimately we want the MUA program to display some details about what was
checked, and maybe an indication of whether it is end-to-end verified or
just the last hop.
I don't see SPF as being visible to end-users. To me, end-users shouldn't
have to worry about whether an email is fraud or not, outside of common
sense. We don't spend any time comparing the return address on the contents
of the snail mail to the stamp on the envelope. We shouldn't have to do the
same for email. The only time it is important is when there are problems.
Abusers of email who send phishing scams will be caught. Eventually, the
cost of running a scam via email will be similar to running it via snail
mail or phone. No, it will be higher, because there will be millions of
records that are easily indexed and searched, availability as soon as the
crime is commissioned. Fraudsters will get a knock on the door before they
even finish their first run. We prosecute snail mail fraudsters with only a
few pieces of mail. Imagine having hundreds of thousands of messages
archived and indexed to present to the jury.
Just think about the legal ramifications of me enclosing a message purported
to be from Microsoft in an Amazon envelope, and then sending it from the
Amazon HQ. No matter what I put on the outside of the envelope, there will
be a record that it actually came from Amazon. That is the important part.
- --
Jonathan M. Gardner
Web Developer, Amazon.com
jonagard(_at_)amazon(_dot_)com - (206) 266-2906
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAwMBrBFeYcclU5Q0RAvyWAKDQalFpPnGOkgfDrzLcaqYZLo8TMwCgvtq2
M9pe5Z0dQtnDYEl6BOasOXo=
=i6Ev
-----END PGP SIGNATURE-----