----- Original Message -----
From: "Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com>
If the PRA is not displayed to the end-user, then it is useless
for preventing phishing.
Validating MAIL FROM is superior to PRA in every aspect
except this: it is not displayed to the end user.
I see, so can we generalize it like so?
Benefits:
- Can address Social Engineering issues (i..e, phishing) at the MUA
by displaying the PRA
Concerns:
- Requires adaptation (change) by MUAs to display PRA
- Requires two SPF records (SPF1 and SPF2.0/PRA) ???
Is this last concern correct?
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com