Comment Re:First Post (Score 1) 221
You seem to be assuming that everyone who has a legitimate reason to spoof "from" addresses also has control of the firewall and DNS entry, or the ability to influence SenderID policy. This is very rarely the case.
Using the envelope-from seems a better approach to me (as in SPF?), but Microsoft seems to want to cause hassle for many people just because it can find no better way of making its software immune to phising.
Yes, sites can always adopt more teleworking-friendly policies. They can also adopt software that is relatively free from virus infection and phising, and a more enlightened attitude to software patents, support fair trade etc. Unfortunately, influencing corporate and technical policy in all these cases seems equally difficult. Most people will give up trying before they are labelled a "trouble-maker".
By the way, I happen to use something like Microsoft's proposed algorithm for verifying senders (using fetchmail's prior-art algorithm). It is a very poor way of detecting spam these days. When it has detected a sender address mismatch in recent months, it is typically due to someone teleworking, very rarely is it spam.
Using the envelope-from seems a better approach to me (as in SPF?), but Microsoft seems to want to cause hassle for many people just because it can find no better way of making its software immune to phising.
Yes, sites can always adopt more teleworking-friendly policies. They can also adopt software that is relatively free from virus infection and phising, and a more enlightened attitude to software patents, support fair trade etc. Unfortunately, influencing corporate and technical policy in all these cases seems equally difficult. Most people will give up trying before they are labelled a "trouble-maker".
By the way, I happen to use something like Microsoft's proposed algorithm for verifying senders (using fetchmail's prior-art algorithm). It is a very poor way of detecting spam these days. When it has detected a sender address mismatch in recent months, it is typically due to someone teleworking, very rarely is it spam.
