On Sat, 11 Nov 2006 19:45:34 -0000, Steve Atkins <steve(_at_)blighty(_dot_)com>
wrote:
On Nov 11, 2006, at 11:31 AM, <Bill(_dot_)Oxley(_at_)cox(_dot_)com> wrote:
The FDIC certifies a bank and authorizes them to use a logo, won't the
phishers immediately certify their mail with that logo?
Yes. But that logo will be in the body of the message, not in the
MUA where it would be for a real bank messge.
Think web browser-ssl-padlock or web browser coloured address
bar, rather than an attached gif.
Well that implies that every MUA worldwide needs to be upgraded before
this whitelist solution will work.
And before that, you have to define a communication protocol to convey
this information from the verifier/whitelist-looker-up/whatever to the MUA
that the Bad Guys cannot spoof.
It can't go in the body, because I read all my mail as plain text, and
drop HTML on sight as being sure evidence of spam. And Bad Guys can write
bodies too.
You can't do it in the headers, because Bad Guys can write headers too.
You might be able to do it in some special feature of POP3 or IMAP, but
that would mean an upgrade to the POP3 and IMAP protocols, and some people
don'e use POP3 and IMAP anyway (mail arrives at my machine by SMTP).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html