On 10/24/07, Kivi Shapiro <[EMAIL PROTECTED]> wrote:
> Jeff makes a good point about how easy it is to send email
> under someone else's name. I think people don't really
> think about it: after all, a username and password are
> needed to *receive* email, so it doesn't occur to them that
> the ability to *send* email would be any less secure. So
> there's a certain amount of securitiness involved.

Actually, this is not the case. E-mails with a forged "From:" address can frequently be detected and dropped by today's spam filters. Basically, owners of domains are able to specify that valid e-mails from a domain (e.g. @gmail.com) can only originate from specific IP addresses (e.g. GMail's mail servers). And many ISPs now require authentication for sending as well (although sometimes this is handled automatically by e-mail software and you don't need to enter your login details twice).

If you're interested in the technicalities, take a look there:
http://en.wikipedia.org/wiki/E-mail_authentication

> So I'd suggest having a standard e-mail address/password
> screen. Use Secure HTTP, so whatever people happen to type
> in the password field doesn't get sent over the Internet in
> plain text. But then? Ignore what they put in the password
> field, and go by the e-mail address alone.

Deliberately misleading users about security issues does not amount to good usability, IMHO.

Regards,
Alex

________________________________________________________________
Welcome to the Interaction Design Association (IxDA)!
To post to this list ....... [EMAIL PROTECTED]
Unsubscribe ................ http://gamma.ixda.org/unsubscribe
List Guidelines ............ http://gamma.ixda.org/guidelines
List Help .................. http://gamma.ixda.org/help
