[IxDA Discuss] theory behind login screen of IxDA ?
Alexander Baxevanis
alex.baxevanis at gmail.com
Wed Oct 24 09:52:53 PDT 2007
On 10/24/07, Kivi Shapiro <kivi.shapiro at qualicom.com> wrote:
> Jeff makes a good point about how easy it is to send email
> under someone else's name. I think people don't really
> think about it: after all, a username and password are
> needed to *receive* email, so it doesn't occur to them that
> the ability to *send* email would be any less secure. So
> there's a certain amount of securitiness involved.

Actually, this is not the case. E-mails with a forged "From:" address
can frequently be detected and dropped by today's spam filters.
Basically, owners of domains are able to specify that valid e-mails
from a domain (e.g. @gmail.com) can only originate from specific IP
addresses (e.g. Gmail's mail servers). And many ISPs now require
authentication for sending as well (although sometimes this is handled
automatically by e-mail software and you don't need to enter your
login details twice).

If you're interested in the technicalities, take a look there:
http://en.wikipedia.org/wiki/E-mail_authentication

> So I'd suggest having a standard e-mail address/password
> screen. Use Secure HTTP, so whatever people happen to type
> in the password field doesn't get sent over the Internet in
> plain text. But then? Ignore what they put in the password
> field, and go by the e-mail address alone.

Deliberately misleading users about security issues does not amount to
good usability, IMHO.

Regards,
Alex