>>Seriously? Using Hotmail/Google is NOT FREE..

It is. They earn the money on ads, but the ad cost cannot swallow a fine. That would mean they would need some way to reimburse the fine from the end user, meaning you would need to have a credit rating as it would count as a loan agreement, requiring a valid credit check. (In the same way you need a credit check to hire a car, since a scratch or buckle in the exterior must be reimbursed). So yes, it would actually kill the free email services.

>>Accurate MAIL FROM (matching the actual authenticated user)

I'm not talking about matching MAIL FROM to an authenticated login or password. That's up to the service provider; as long as it's not an open relay, it's fine for me. If the mail provider wants to tie it to Windows login, or even a building login or whatever, or allow any email that the company owns, it's fine for me. That's a responsibility the service provider has against its users, to make sure they cannot cross-phish (like us...@example.com sending as us...@example.com ) IF the users are untrusted. For employees in a normal company, they can usually be trusted and no MAIL FROM <--> AUTH checking is required.

I'm talking about matching MAIL FROM (which is hidden from the user, but authenticated via SPF/DKIM) to the MIME FROM ("From:" header in MIME data), thus guaranteeing that the address shown in From: is also an authenticated address.

>>But yes, small screen real estate, and 'user friendly' concepts have made it
>>so that end users are more easily fooled

Yeah, but it's stupid that those MUAs then choose to show the name more prominently than the email, so even local validation doesn't work and you can easily write:

    From: customerserv...@mybank.tld <somephis...@phishdomain.tld>

And fool the user. The email address is what's authenticated, so show that? However, if the email is in the user's contact book, it makes sense to show the contact name, not the written name in the name field. Like with phone numbers. And if the user manually adds the email as the contact, the name written in the name field can be an auto-suggestion.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
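
The checks discussed in the message above, sketched as an added example that is not part of the original post: compare the domain of an already SPF/DKIM-authenticated MAIL FROM with the "From:" header address, flag a display name that itself contains a different address, and pick the label a MUA would show (contact-book name if known, otherwise the address). Function names, finding labels, the domain-level comparison and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string

ADDR_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def split_from(value):
    """Simplified 'Name <addr>' / bare 'addr' splitter, not a full RFC 5322 parser."""
    m = re.match(r'^\s*"?(.*?)"?\s*<([^<>\s]+)>\s*$', value)
    if m:
        return m.group(1).strip(), m.group(2).lower()
    return "", value.strip().lower()

def domain(addr):
    return addr.rpartition("@")[2].lower().rstrip(".")

def check(mail_from, raw, contacts):
    """mail_from is assumed to have already passed SPF/DKIM upstream.
    Returns (label a MUA could show, list of findings)."""
    headers = message_from_string(raw).get_all("From", [])
    if len(headers) != 1:            # zero or several From: headers is ambiguous
        return None, ["from-header-count"]
    name, addr = split_from(headers[0])
    findings = []
    if domain(addr) != domain(mail_from):
        findings.append("mail-from-mismatch")
    shown = ADDR_IN_TEXT.search(name)
    if shown and shown.group(0).lower() != addr:
        findings.append("address-in-display-name")
    # Contact-book name wins; otherwise show the address, never the sender-chosen name.
    return contacts.get(addr, addr), findings

# Constructed sample messages (reserved .example domains).
NAME_TRICK = "From: support@mybank.example <someone@phish.example>\nSubject: hi\n\nbody\n"
SPOOFED = "From: My Bank <support@mybank.example>\nSubject: hi\n\nbody\n"
GOOD = "From: Alice Example <alice@corp.example>\nSubject: hi\n\nbody\n"
CONTACTS = {"alice@corp.example": "Alice (work)"}

if __name__ == "__main__":
    for sender, raw in [("bounce@phish.example", NAME_TRICK),
                        ("bounce@phish.example", SPOOFED),
                        ("alice@corp.example", GOOD)]:
        print(check(sender, raw, CONTACTS))
```

The first sample passes the MAIL FROM comparison because both addresses are in the same domain, which is why the display-name check and the choice of label matter separately.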