On Fri, 8 Jun 2001 [EMAIL PROTECTED] wrote:
> One simple method of adding security in this case would be to pop up a
> security alert when there is an attempt to add an address book entry where
> the real name portion is de facto an RFC compliant mail address. The user
> then can decide if he wants to allow the entry.

There are two problems with this:

1) I do not believe pop-ups are effective. The entire Windows security
model is built on "warn-and-nag", and one more box will just annoy users
who will unthinkingly hit "OK".

2) I bet I could craft e-mail addresses which are not RFC-compliant,
but which almost every MTA will deliver anyway. For example:

[EMAIL PROTECTED]

is not RFC-compliant (note the trailing dot), but Sendmail happily
delivers it. "Be liberal in what you accept" turns out to bite you.

I still maintain that very few legitimate full names have an "@" sign
in them, so those should be filtered out, no questions asked. In
12 years on the Internet, I've never received mail from someone with an
"@" in his/her full name.

--
David.
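
The two policies discussed in this thread, compared on the same real-name fields, as an added example that is not part of the original message or of any mail client's code. The strict pattern is a simplified stand-in for an "RFC compliant" address test, the sample names are constructed, and the NFKC normalization step goes beyond what the message proposes.

```python
import re
import unicodedata

# Simplified strict addr-spec: dot-atom local part, dotted domain labels,
# no trailing dot. Stands in for the "RFC compliant" test (assumption).
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
STRICT_ADDR = re.compile(
    rf"{_ATEXT}(?:\.{_ATEXT})*@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
)


def warn_if_rfc_address(display_name: str) -> bool:
    """Quoted proposal: flag only names that are strictly valid addresses."""
    return STRICT_ADDR.fullmatch(display_name.strip()) is not None


def reject_if_at_sign(display_name: str) -> bool:
    """Reply's policy: refuse any real-name field that contains '@'."""
    # NFKC folds compatibility forms such as fullwidth U+FF20 to ASCII '@'.
    return "@" in unicodedata.normalize("NFKC", display_name)


def compare(names):
    """Return (name, strict_flagged, at_rejected) for each candidate name."""
    return [(n, warn_if_rfc_address(n), reject_if_at_sign(n)) for n in names]


# Constructed sample real-name fields (not taken from the thread).
SAMPLES = [
    "Alice Example",            # ordinary full name
    "alice@example.com",        # strictly valid address
    "alice@example.com.",       # trailing dot: fails the strict test
    "alice\uff20example.com",   # fullwidth commercial at
]

if __name__ == "__main__":
    for name, strict, at in compare(SAMPLES):
        print(f"{name!r:28} strict-match={strict!s:5} at-filter={at}")
```

The trailing-dot and fullwidth entries pass the strict-address test unflagged, while the plain "@" filter rejects all three address-like names and accepts the ordinary one.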