Matthew van Eerde wrote: > Julian Mehnle wrote: > > The way to combat phishing is to employ sender authentication methods > > such as SPF, DomainKeys, and public-key message cryptography. > > This is unfortunately debatable. SPF, DomainKeys, cryptography, > SenderID, etc. can only work on info in the message. > > Nothing stops people from registering a domain like > onlinebanking.example and then sending out - perfectly legitimately - > from [EMAIL PROTECTED]
Still the sender is not @citibank.com. Also, Service providers can hand out their PGP or S/MIME public key to their customers (by postal mail or similar) and instruct them to discard any messages that are not signed by that key. _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
