Distinguish Internal Senders

Name Distinguish Internal Senders
Sources (Garfinkel, 2005)
Synonyms None
Context In many cases the system has used some kind of authentication procedure to ascertain the identity of the service’s user—for example, requiring a username and password. It makes sense to distinguish messages sent by these authenticated users from messages that originated outside the system, for which no authentication was performed.
Problem How can the authenticity of mails be distinguished?
Solution Allow users to readily distinguish between mail that was generated from within an email system and mail that was injected from the outside but which claims to have an internal address.
Examples AOL distinguishes between mail that is sent from within AOL and mail that was sent from outside AOL but with an @aol.com domain name. In the first case, the From: address is displayed accompanied by the AOL logo, while in the second case the AOL logo is not displayed. AOL also distinguishes official AOL mail from mail that is sent by users. Example Source: (Garfinkel, 2005)
Implementation Messages that originate from within the system need to be specially tagged in a manner that cannot be forged by outsiders.
Consequences Users can distinguish email that was sent after the user was authenticated from email that was delivered over the Internet.
Dependencies None
Relationships None
Principles [Visibility]
Guidelines None
Check lists None
Use cases None
Tags Distinguish Internal Senders, Inputability, Authenticity
Log history [01/18/2016]: Added to repository
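
One way to realize the Implementation field above, as an added example that is not from Garfinkel's thesis or from this repository: the authenticated submission path attaches a keyed tag, the Internet-facing path strips any tag it receives, and the mail client shows the internal-sender indicator only when the tag verifies. The header name, key, helper names and addresses are assumptions constructed for the illustration.

```python
import hashlib
import hmac
from email.message import EmailMessage

TAG = "X-Internal-Sender"        # hypothetical header name (assumption)
KEY = b"constructed-demo-key"    # assumption: secret known only to the mail system

def _mac(msg):
    # Bind the tag to sender and Message-ID so it does not validate on other mail.
    data = f"{msg['From']}\n{msg['Message-ID']}".encode()
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def accept_submission(msg, authenticated_user):
    """Authenticated path: tag only when From matches the logged-in user."""
    del msg[TAG]                 # never trust a client-supplied tag
    if authenticated_user and msg["From"] == authenticated_user:
        msg[TAG] = _mac(msg)
    return msg

def accept_external(msg):
    """Internet-facing path: remove any tag supplied from outside."""
    del msg[TAG]
    return msg

def is_internal(msg):
    """Display-time check: show the internal-sender indicator only if True."""
    tags = msg.get_all(TAG, [])
    if len(tags) != 1:
        return False
    return hmac.compare_digest(str(tags[0]).encode(), _mac(msg).encode())

def make(sender, msg_id, tag=None):
    # Constructed sample message for the demonstration.
    m = EmailMessage()
    m["From"], m["Message-ID"] = sender, msg_id
    if tag is not None:
        m[TAG] = tag
    m.set_content("hello")
    return m

def demo():
    alice = "alice@example.test"
    real = accept_submission(make(alice, "<1@example.test>"), alice)
    spoof = accept_external(make(alice, "<2@example.test>", tag=str(real[TAG])))
    wrong_user = accept_submission(make(alice, "<3@example.test>"), "bob@example.test")
    return is_internal(real), is_internal(spoof), is_internal(wrong_user)
```

`demo()` returns `(True, False, False)`: only the message submitted by the authenticated owner of the From: address earns the indicator.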

References

Garfinkel, S.L., 2005. Design principles and patterns for computer systems that are simultaneously secure and usable (PhD thesis). Massachusetts Institute of Technology.