spf-discuss

RE: A hole in planned phishing-prevention?

2004-06-04 16:59:46
Andy Bakun wrote:
Exactly -- and in light of this, header field verification
just ends up being a feel-good security measure.

Just like security seals. It does not need to _be_ real. It just needs
to _look like_ real. The typical user can't make the difference, don't
even mention the mark that actually thinks about clicking on the link
provided.

It does not mean we should not do it though, because it does raise the
bar a little bit. I would compare it to car keys: won't stop anybody
serious about it but will stop the bozos, which is why we lock our cars.
Or, as George Carlin says about airport security, it makes white people
feel safe :-)


The real solution is education, and providing the
tools to allow users to make more informed decisions.

We need a clue bat the size of Texas, methinks.


Adding authentication and accreditation to the mix
only ends up giving you a false sense of security,

I actually don't agree with this.

Way too many people are overly trusting.

This is true, but not a reason not to add accreditation and
authentication, even if they are not perfect.

Michel,