Daniel J McDonald wrote:
> Julian Mehnle wrote:
> > Matthew van Eerde wrote:
> > > Nothing stops people from registering a domain like
> > > onlinebanking.example and then sending out - perfectly legitimately
> > > - from [EMAIL PROTECTED]
> >
> > Still the sender is not @citibank.com.
>
> But I could form a "Committee on Income Tax Inequities" and register
> citi.us.

Granted, preventing sender address forgery isn't sufficient for solving the phishing problem.

> > Also, Service providers can hand out their PGP or S/MIME public key to
> > their customers (by postal mail or similar) and instruct them to
> > discard any messages that are not signed by that key.
>
> Wow, absolutely brilliant!

Not at all. But effective. And absolutely feasible.

> They can send them in the pre-approved credit card offers!

Certificate authorities don't issue certificates (public keys) reading "Citigroup, Silver Spring, Maryland, US" to unverified strangers. The way the certificate reaches the end-user is largely irrelevant.

> Oh, and PGP would have to be given to everyone who has a computer!

Most widely-used mail clients do at least support S/MIME out of the box.

> While waiting, breathlessly, for Congress to take up your solution to
> the phishing problem, I'll continue to delete any mail that remotely
> smells like spam or malware, using as many tools as I can to search and
> destroy.

And nobody wants to take that option away from you.

> You are, of course, free to delete only things that clamav names as
> ^worm\.

No, because ClamAV reports at maximum _one_ malware signature match per scanned object. If it reports a match for /\.phishing\./, that doesn't mean the object doesn't also contain some other (real) malware.

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html