[Evolution] prevents phishing Re: filtering w/o user+subject host



Concerning this:

Message: 2
Date: Wed, 03 Aug 2005 03:36:08 -0500
From: Ron Johnson <ron l johnson cox net>
Subject: Re: [Evolution] user+subject host address format, was Re: how
      to      edit 'from' line when composing
To: evolution lists ximian com
Message-ID: <1123058168 29257 4 camel haggis homelan>
Content-Type: text/plain; charset="us-ascii"

On Tue, 2005-08-02 at 22:50 -0400, W Randolph Franklin wrote:
[snip]
3. Why not use a filter to "sort" replies? 

What's the invariant that I would sort on?   The sender and the subject
may change, say if the sender passes my address on to someone else.
However my address can't if the mail is to reach me.  

It depends.

For this list, it's :
    ^X-BeenThere: evolution lists ximian com


That won't work if someone on this list puts my address into his contact
and later mails me.   

That also won't work to identify and block which business sold my
address to spammers.

It won't even work to sort mail from good businesses who change their
address slightly.  This is particularly relevant since there are
apparent subtleties to the filtering that I haven't figured out yet.

The unique property of user+subject is that (if I implement a few other
things also) is that if someone deletes or changes the tag, then he
can't mail me.   I.e., anonymity is not possible.  Phishing me becomes
harder.    If I give paypal an address of wrf+paypal038487 host, then
mail to any other address pretending to be from paypal is fake.

Another way to do this is to buy your own domain and give everyone a
different address, i.e.,  UNIQUE MYDOMAIN COM    This is useful since
some braindead web forms refuse to accept certain valid addresses, e.g.,
with plusses.   However using this also requires editing 'from' lines
(or creating lots of accounts).



-- 
W Randolph Franklin <wrf+evolution ecse rpi edu>





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]