spf-discuss

Re: No use of checking RFC2822 headers

2004-09-28 10:37:12
In <BD7EBFB2(_dot_)8021%cdhutzler(_at_)aol(_dot_)com> Carl Hutzler 
<cdhutzler(_at_)aol(_dot_)com> writes:

> I agree. What's the point of SenderID, DomainKeys and others that check the
> 822 FROM when the phishers can EASILY do this.

Yes, this has been discussed many times.  Stopping, or even slowing,
phishing is very hard.  There are also the tricks like using the
domain paypa1.com and the PRA in SenderID makes it even easier for
phishers by allowing the Resent-Sender: header to override the From:
header.


> On AOL clients (8.0, 9.0, etc) we DO NOT display the display name. We only
> show the real email address. I hope this never changes.

I also hope that AOL doesn't change their client to display the
"display name".  However, I do hope AOL and all other major MUAs start
displaying whether the email passes validation via SPF, SenderID,
DomainKeys, S/MIME, PGP, etc.


-wayne
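
The PRA behaviour mentioned in the message above, as an added example that is not part of the original post: Python code that follows the Purported Responsible Address selection order (as later published in RFC 4407) and flags mail where the domain Sender ID validates differs from the From: domain a reader sees. The function names `pra` and `report` and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def pra(msg):
    """Return (header name, address) selected as the PRA, or None if malformed."""
    items = [(k.lower(), v) for k, v in msg.items() if v.strip()]
    names = [k for k, _ in items]
    chosen = None
    if "resent-sender" in names:
        rs = names.index("resent-sender")
        # An earlier Resent-From split off from this Resent-Sender by
        # Received/Return-Path belongs to another resend: skip to Resent-From.
        split = ("resent-from" in names[:rs] and
                 {"received", "return-path"} & set(names[names.index("resent-from") + 1:rs]))
        if not split:
            chosen = items[rs]
    if chosen is None and "resent-from" in names:
        chosen = items[names.index("resent-from")]
    if chosen is None:
        for field in ("sender", "from"):
            found = [i for i in items if i[0] == field]
            if len(found) > 1:
                return None          # duplicated header: malformed, no PRA
            if found:
                chosen = found[0]
                break
    if chosen is None:
        return None
    addrs = getaddresses([chosen[1]])
    if len(addrs) != 1 or "@" not in addrs[0][1]:
        return None                  # zero or several mailboxes: malformed
    return chosen[0], addrs[0][1].lower()

def report(raw):
    """Compare the domain Sender ID would validate with the From: domain."""
    msg = message_from_string(raw)
    selected = pra(msg)
    shown = getaddresses(msg.get_all("From", []))
    from_dom = shown[0][1].rsplit("@", 1)[-1].lower() if shown else None
    pra_dom = selected[1].rsplit("@", 1)[-1] if selected else None
    return {"pra_header": selected[0] if selected else None,
            "pra_domain": pra_dom, "from_domain": from_dom,
            "mismatch": pra_dom != from_dom}

# Constructed sample message (reserved example domains, not real traffic).
SAMPLE = (
    "Received: from mta.bulk.example by mx.example.org; Tue, 28 Sep 2004 10:00:00 -0500\n"
    "Resent-Sender: relay@bulk.example\n"
    "From: \"Example Bank\" <service@bank.example>\n"
    "Subject: constructed sample\n\nbody\n")
```

A `mismatch` of `True` means a Sender ID pass says nothing about the From: address the client displays, so a filter or MUA should show which identity was actually validated.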