Dan Kaminsky wrote:

> A couple people have questioned why not just reject all "true names" that
> contain an @ sign. For better or worse, having an @ in your name is not
> necessarily a sign of illegitimacy
<snip>
> Perhaps a "true name" filter along the lines of *@*.TLD? I think that's
> pretty much what the user is interpreting as a differentiator between real
> names and email addresses.

One simple method of adding security in this case would be to pop up a security alert when there is an attempt to add an address book entry where the real name portion is de facto an RFC compliant mail address. The user then can decide if he wants to allow the entry.

As an added security, a similar alert can be shown when this type of entry is used for address expansion in an outgoing mail. The user could get the option to

1) reject the expansion
2) reject the expansion and remove the entry from the address book
3) reject the expansion and edit the entry in the address book
4) allow the expansion this one time
5) allow the expansion and not be shown any more alerts for this address

This would combine good security and usability at the same time.

/ Otto Dandenell
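
The two alerts proposed in the message above, as an added Python example that is not part of the original post or of any mail client's code. `AddressBook`, `Choice`, `name_is_address` and the `ask`/`confirm` callbacks are hypothetical names, and the address pattern is a simplified stand-in for a full RFC address parser.

```python
import re
from enum import Enum

# Simplified RFC 2822 addr-spec (dot-atom forms only); quoted local parts
# and domain literals are deliberately left out (assumption of this sketch).
_ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_ADDR = re.compile(rf"{_ATOM}(?:\.{_ATOM})*@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def name_is_address(real_name):
    """True when the real-name field is, in effect, a mail address."""
    return _ADDR.fullmatch(real_name.strip().strip("\"'<>").strip()) is not None

class Choice(Enum):  # the five options listed in the message
    REJECT = 1
    REJECT_AND_REMOVE = 2
    REJECT_AND_EDIT = 3
    ALLOW_ONCE = 4
    ALLOW_ALWAYS = 5

class AddressBook:  # hypothetical model of a client's address book
    def __init__(self, ask):
        self.ask = ask        # callback(real_name, address) -> Choice; stands in for the alert
        self.entries = {}     # real_name -> address
        self.trusted = set()  # names the user chose ALLOW_ALWAYS for

    def add(self, real_name, address, confirm=lambda name, addr: False):
        """Add an entry; an address-like real name needs explicit confirmation."""
        if name_is_address(real_name) and not confirm(real_name, address):
            return False
        self.entries[real_name] = address
        return True

    def expand(self, real_name):
        """Return the address to send to, or None if the expansion was rejected."""
        address = self.entries.get(real_name)
        if address is None or not name_is_address(real_name) or real_name in self.trusted:
            return address
        choice = self.ask(real_name, address)
        if choice is Choice.ALLOW_ALWAYS:
            self.trusted.add(real_name)
        elif choice is Choice.REJECT_AND_REMOVE:
            del self.entries[real_name]
        if choice in (Choice.ALLOW_ONCE, Choice.ALLOW_ALWAYS):
            return address
        return None  # on REJECT_AND_EDIT the caller opens the entry editor
```

Names that merely contain an @ sign, such as "Dan @ Home", pass without an alert; only a name that parses as a whole address triggers one.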
This archive was generated by hypermail 2b30 : Fri Jun 08 2001 - 11:48:48 PDT