Dave CROCKER wrote: > On 4/30/2010 9:37 AM, Jeff Macdonald wrote: > >> ESPs have a "forward-to-a-friend" feature for their clients. Its a >> feature in which the ESPs creates the content and sends a message from >> a friend, to a friend. It would be discarded. However, I'm willing to >> say this is a bogus practice. >> > > > F2F is a well-established and helpful feature. That some uses of > receive-side > authentication cannot cope with it is a limitation of the > authentication-based > service, not a flaw in F2F. >
F2F was created in a kinder, gentler time, when address spoofing wasn't nearly as much of a problem as it is now. The fact that F2F hasn't evolved to avoid spoofing users' addresses is a problem that is only made more tangible by email authentication. Telnet (on port 23) was also a well-established and helpful protocol. But the threat landscape changed, and today few of us send our passwords in the clear. The email threat landscape has similarly changed. -Jim _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
