Quoting Daniel Vollbrecht <d.vollbre...@scram.de>:
I also somewhat dislike it also but the mail address after all is only
routing information, the "real" name is the person we known about. This
is what most users like to known. With mouse-over you should actually
see the mail address.
I don't agree. For me it is very important to see the email address.
I fail to see the advantage of displaying e-mail addresses, especially
when half the messages in my mailbox would show things like "Foo
<do_not_reply-md5h...@externalemailcontentprovider.server14.westcoast.meaninglessdomainname.com>".
One reason is that we don't allow our own domain as sender address
originating from external hosts (postfix:
reject_sender_login_mismatch), thus it is a huge difference if I see
something like 'My boss <f...@free.host>' or 'My boss
<ceo@my.domain>'. Unfortunately, now in IMP I see 'My boss' in both
cases which is not satisfactory - social engineering. For further
reading:
https://en.wikipedia.org/wiki/Social_engineering_(security)
So when I send you a mail message with a spoofed From e-mail address
from outside your domain, how is this any different?
If you feel strongly about this, this is easily added locally by
adding the additional information to your local source. But none of
these arguments even approaach a level where making this configurable
makes sense.
[3. Mail view]
Hmm, the MAILER-DAEMON messages (bounces) actually has the empty sender
address in most cases, so not sure what you like to verify in this case.
No, mailer daemons only have an empty envelope address. The From:
address is 'Mail Delivery System <MAILER-DAEMON@host.domain>' and I
only see just 'Mail Delivery System' all the time.
Not seeing your point(?)
If you are asking to see e-mail addresses in the from address because
it provides information on the tiny subset of bounced/failure
messages, that is way too specialized a use case to be useful overall
(especially since 99% of users don't care about these messages anyway).
At least it should be *configurable* to show the full From: without
any clicks or mouseovers though I think it should also be activated
by default. There is also enough space on my screen even in the
standard view where From: is right next to the subject so why hiding
so much information?
It's quite a bit of extra work, and influences things like escaping.
Which means it is something that requires maintenance. I'm just not
seeing an argument that's convincing enough for us to make this an
option we need to support in the future.
Spams with perfect DKIM signatures mostly mean that somebody's
account got hacked and I think the right approach is to have a good
spam filter. So the user actually won't see such a message in most
cases, but for all the hams with valid DKIm signature I want to give
them the chance to verify if someone used a faked address or if this
is unlikely to be faked even without cryptographic authenticity. You
are free to have it disabled, of course, but I would use it. :-)
I have no issue supporting verification with DKIM. It hasn't been
implemented prior because 1) nobody has really asked (i.e. paid) for
it and 2) it only has become standardized in the last few years and
has begun to be more widely implemented.
michael
___________________________________
Michael Slusarz [slus...@horde.org]
--
imp mailing list
Frequently Asked Questions: http://wiki.horde.org/FAQ
To unsubscribe, mail: imp-unsubscr...@lists.horde.org
