On Tue, Mar 22, 2005 at 08:49:40PM +0100, Julian Mehnle wrote: > Matthew van Eerde wrote: > > Julian Mehnle wrote: > > > The way to combat phishing is to employ sender authentication methods > > > such as SPF, DomainKeys, and public-key message cryptography. > > > > This is unfortunately debatable. SPF, DomainKeys, cryptography, > > SenderID, etc. can only work on info in the message. > > > > Nothing stops people from registering a domain like > > onlinebanking.example and then sending out - perfectly legitimately - > > from [EMAIL PROTECTED] > > Still the sender is not @citibank.com.
But I could form a "Committee on Income Tax Inequities" and register citi.us. > Also, Service providers can hand out their PGP or S/MIME public key to > their customers (by postal mail or similar) and instruct them to discard > any messages that are not signed by that key. Wow, absolutely brilliant! They can send them in the pre-approved credit card offers! Maybe Congress should pass a law that they have to provide armored pgp public keys in the disclaimers! Oh, and PGP would have to be given to everyone who has a computer! While waiting, breathlessly, for Congress to take up your solution to the phishing problem, I'll continue to delete any mail that remotely smells like spam or malware, using as many tools as I can to search and destroy. You are, of course, free to delete only things that clamav names as ^worm\. If the dev team mis-names a "technical exploit", then that's just your tough luck. -- _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
