On Fri, 8 Jun 2001 Otto.Dandenellat_private wrote: > One simple method of adding security in this case would be to pop up a > security alert when there is an attempt to add an address book entry where > the real name portion is de facto an RFC compliant mail address. The user > then can decide if he wants to allow the entry. There are two problems with this: 1) I do not believe pop-ups are effective. The entire Windows security model is built on "warn-and-nag", and one more box will just annoy users who will unthinkingly hit "OK". 2) I bet I could craft e-mail addresses which are not RFC-compliant, but which almost every MTA will deliver anyway. For example: dfsat_private is not RFC-compliant (note the trailing dot), but Sendmail happily delivers it. "Be liberal in what you accept" turns out to bite you. I still maintain that very few legitimate full names have an "@" sign in them, so those should be filtered out, no questions asked. In 12 years on the Internet, I've never received mail from someone with an "@" in his/her full name. -- David.
This archive was generated by hypermail 2b30 : Sun Jun 10 2001 - 14:58:07 PDT