[ietf-dkim] NEW ISSUE: SSP applies only to receive-side filtering
engine and not end-users
johnl at iecc.com
Thu Dec 13 07:52:31 PST 2007
> That is: users look at From lines and spammers and phishers try to
> fake them. Anyone DISAGREE with that assertion?
Of course you're wrong.
Except in the most primitive MUAs (which are surely far more popular
with people here than with Internet users in general), what the user
sees isn't the From: line, it's something the MUA concocts using the
From:, Sender:, address book entries, and random other stuff.
If I am using a recent version of Thunderbird in a normal
configuration, what will I see if a message has this From: line?
From: security at paypal.com <phish at rbn.ru>
Sometimes the bad guys fake the From: line address, a lot of times
they don't even bother. It is ridiculous to assert that anything like
SSP would make a meaningful difference in the amount of phishy stuff
MUAs show their users.
PS: I can't wait for someone to say "well, then MUAs will all have to
change to show the real address".
More information about the ietf-dkim