On Fri, Oct 22, 2004 at 09:58:05AM +0100, Richard Bang wrote:
|
| Looking through the archives I see a lot of references to using SPF to stop
| phishing, and this seems to be one of the major stumbling blocks of
| progress.
|
| I would propose that rather than trying to fly to the moon on our first RFC,
| it becomes a two-stage process.
I tried to convince MS of this in March.
http://spf.pobox.com/slides/crossingbeams/0230.html
| When I get a signed message my mail client says
|
| "This message has been signed by XXXX and has not been modified".
|
| What it should be doing is saying for every other message I open
|
| "This message has not been signed and cannot be trusted"
|
| This would have the effect of making all the banks sign their messages. In
| fact we would all have to sign our messages if we wanted them to be trusted.
Agreed; in a perfect world this is how things should have
been from the beginning. Unfortunately to make this happen
we would now need to upgrade all the MUAs out there.