On Nov 11, 2006, at 2:31 PM, <Bill(_dot_)Oxley(_at_)cox(_dot_)com>
<Bill(_dot_)Oxley(_at_)cox(_dot_)com> wrote:
The FDIC certifies a bank and authorizes them to use a logo, won't the
phishers immediately certify their mail with that logo?
No, the idea is that the FDIC certifies a set of signing domains, and
the logo goes with the certifier, so your MUA would show the logo
only on mail with a sig from a domain in the list.
Bad guys could certainly put the logo in their mail and try to fool
people. I don't know enough about user interface design to know how
much of a problem that will be.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html