spf-discuss

Re: A hole in planned phishing-prevention?

2004-06-04 01:26:44
Daniel Quinlan <quinlan(_at_)pathname(_dot_)com> writes:

Not really.  You still start your browsing session at www.bigbank.com.
Since email is a push medium, the problem is considerably different.

Hopefully the banks etc will realise this better than they do for the
telephone. When you phone them it is fine for them to ask you to
verify your identity. The problem is that they still expect you to
answer their verification questions when they have phoned you (often
with caller-id withheld). They do not like it when you point out to
them that they called you anonymously so first they have to satisfy
you that they are calling from the bank (or wherever) and not
engaging in social engineering or the phone equivalent of
phishing. They expect you to just accept their word. So it does not
bode well for expecting the banks etc to implement decent email
verification measures.