spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: RFC (request for comments): Summary of SenderID/PRA concerns

2005-06-24 22:46:08
from [Hector Santos] [Permanent Link] 

----- Original Message ----- 
From: "Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com>



If the PRA is not displayed to the end-user, then it is useless 
for preventing phishing.

Validating MAIL FROM is superior to PRA in every aspect 
except this: it is not displayed to the end user.


I see, so can we generalize it like so?

Benefits:

-  Can address Social Engineering issues (i..e, phishing) at the MUA
   by displaying the PRA

Concerns:

-  Requires adaptation (change) by MUAs to display PRA
-  Requires two SPF records (SPF1 and SPF2.0/PRA) ???

Is this last concern correct?  

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: enough with the web site, Frank Ellermann
Next by Date:  Re: RFC (request for comments): Summary of SenderID/PRA concerns, Stuart D. Gathman
Previous by Thread:  Re: RFC (request for comments): Summary of SenderID/PRA concerns, Jeff Macdonald
Next by Thread:  Re: RFC (request for comments): Summary of SenderID/PRA concerns, Stuart D. Gathman
Indexes:  [Date] [Thread] [Top] [All Lists]