RE: [SPFTAG] - RE: [SPFTAG] - RE: No use of checking RFC2822 headers - S

> -----Original Message-----
> From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
> [mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Stefan 
> Engelbert
> Sent: Wednesday, September 29, 2004 10:30 AM
> To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
> Subject: RE: [SPFTAG] - RE: [SPFTAG] - RE: [spf-discuss] No use of
> checking RFC2822 headers - Sender is probably forged (SPF Softfail) -
> Sender is probably forged (SPF Softfail)
>
>
>
> > > I think this whole discussion is for nothing.
> > > Considering that rarely people put their address as
> pretty name you
> > > can allready prefilter emails as spam which have a valid
> > email address
> > > as pretty name.
> > > Maybe you can even consider to mark everything as SPAM
> > which has an @
> > > in the pretty name.
> > My company mandates that ALL users the pretty name shalt be
> > their email address.
> >
> > Most of our users comply.
> fine - so display name = mime from. so no problem if you consider
> a display name as invalid if it contains an @ but does not match
> mime from.
>
>
> > Lots of other people do that to, perhaps not the majority,
> > but a sufficient minority to prevent blocking on that logic
> > to be reasonable.
> >
> > > Or you compare pretty name with addresss when pretty name
> > is a valid
> > > email address.
> > That's a good idea, barring typos and ignoring whitespace,
> > that should work.
> >
> > > It think this pretty name discussion should be placed
> > somewhere in a
> > > SPAM Filter forum and not in a SenderID Forum.
> > As long as SenderID is claiming to fix Phishing, I believe
> > you to be incorrect.
> You will never find a way of verifying Display Names.
Agreed, and that's not what SPF is supposed to solve.

> How do you know that I am really Stefan Engelbert and
> not John Doe who is faking the Display Name to Stefan Engelbert?
Agreed!

But SPF verifies the real email address (or the domain component anyway).  As 
long you show a pretty
name that cannot be trusted what you have verified underneath is irrelevant if 
the user does not
actually see it...

> So I repeat my opinion that its impossible to invent an
> "Eierlegende Wollmilchsau". We should focus on SPF and/or
> SenderID/PRA.
Agreed

And in order to make SPF meaningful, we have to SHOW the verified domain to the 
user, hence get rid
of "pretty names"  (or only show ones that user has ascertained is to be 
displayed for a given email
address based on what is in their trusted addressbook/contact lists)


Terry Fielder
Manager Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
terry(_at_)greatgulfhomes(_dot_)com
Fax: (416) 441-9085


> > Terry Fielder
> > Manager Software Development and Deployment Great Gulf Homes
> > / Ashton Woods Homes terry(_at_)greatgulfhomes(_dot_)com
> > Fax: (416) 441-9085
> >
> > > Kind Regards
> > > Stefan Engelbert
> > >
> > > > -----Original Message-----
> > > > From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
> > > > [mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of
> > > Scott Kitterman
> > > > Sent: Wednesday, September 29, 2004 3:00 PM
> > > > To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
> > > > Subject: [SPFTAG] - RE: [spf-discuss] No use of checking
> > > > RFC2822 headers - Sender is probably forged (SPF Softfail)
> > > >
> > > > > -----Original Message-----
> > > > > From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
> > > > > [mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of
> Michel Py
> > > > > Sent: Wednesday, September 29, 2004 12:50 AM
> > > > > To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
> > > > > Subject: RE: [spf-discuss] No use of checking RFC2822 headers
> > > > >
> > > > >
> > > > > > Carl Hutzler wrote:
> > > > > > The latter address is the email address which is
> > > > cdhutzler(_at_)aol(_dot_)com(_dot_)
> > > > > > Carl Hutzler is the display name or pretty name. We do
> > > > not display
> > > > > > the pretty name in our AOL clients. Never have.
> > > > > This is very good and we all thank you, but I'm
> afraid that the
> > > > > outlook of the Outlook situation (pun intended) is bleak.
> > > The very
> > > > > reason Outlook displays the pretty name is customer
> > request, and
> > > > > delivering to the customers what they want (no matter it's
> > > > a good or
> > > > > bad idea) is what made M$ successful.
> > > > >
> > > > > I don't see a solution to it as of now, since millions
> > > > would tell you
> > > > > that it's a feature they want not a bug.
> > > > >
> > > > > Michel.
> > > > I don't know about Outlook Express (don't use it), but
> in Outlook
> > > > 2000 what happens is you see only the pretty name in
> the message
> > > > list, but when you open the message, you see both.
> Also, it will
> > > > display Sender too, so your e-mail to the list is displayed as:
> > > >
> > > > message list:
> > > >
> > > > From
> > > > Michel Py
> > > >
> > > > Preview pane:
> > > >
> > > > From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
> > > >
> > > > Opened message:
> > > >
> > > > owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com; on behalf of; Michel 
> > > > Py
> > > > [michel(_at_)arneill-py(_dot_)sacramento(_dot_)ca(_dot_)us]
> > > >
> > > > In terms of the 2822 identities, I don't think that's to bad.
> > > >  I don't know what newer versions do (won't be finding
> out either
> > > > because of product activation).
> > > >
> > > > Scott Kitterman
> > > >
> > > >
> > > >
> > > > -------
> > > > Sender Policy Framework: http://spf.pobox.com/ Archives at
> > > > http://archives.listbox.com/spf-discuss/current/
> > > > http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19
> > in Atlanta
> > > > features SPF and Sender ID.
> > > > To unsubscribe, change your address, or temporarily
> > deactivate your
> > > > subscription, please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
> > >
> > This mail was checked for malicious code and viruses by GFI
> > MailSecurity. GFI MailSecurity provides email content checking,
> > exploit detection, threats analysis and anti-virus for
> Exchange & SMTP
> > servers. Viruses, Trojans, dangerous attachments and
> offensive content
> > are removed automatically.
> > Key features include: multiple virus engines; email content and
> > attachment checking; an exploit shield; an HTML threats engine; a
> > Trojan & Executable Scanner; and more.
> >
> > In addition to GFI MailSecurity, GFI also produces the GFI
> > MailEssentials anti-spam software, the GFI FAXmaker fax
> server & GFI
> > LANguard network security product ranges.
> > For more information on our products, please visit
> http://www.gfi.com.
> > This disclaimer was sent by GFI MailEssentials for Exchange/SMTP.
> >
> > -------
> > Sender Policy Framework: http://spf.pobox.com/ Archives at
> > http://archives.listbox.com/spf-discuss/current/
> > http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta
> > features SPF and Sender ID.
> > To unsubscribe, change your address, or temporarily deactivate your
> > subscription, please go to
> http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features 
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your 
subscription,
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features 
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

<<attachment: winmail.dat>>