RE: Proposal to anti-phishing
From: Lyal Collins (lyal.collinskey2it.com.au)
Date: Sun Jan 16 2005 - 01:03:07 CST
From: Rogan Dawes [mailto:discarddawes.za.net]
Sent: Saturday, 15 January 2005 3:05 AM
To: Rafael San Miguel
Cc: webappsecsecurityfocus.com; Enrique.Diezdvc.es
Subject: Re: Proposal to anti-phishing
Please take a look at the thread that starts
and especially <http://seclists.org/lists/webappsec/2004/Oct-Dec/0347.html>
where I explain why I believe SSL client certificates are really the
only practical solution to preventing phishing.
Well, there may be one other good option to stop phishing.
If emails could be positively identified as coming from a customer's bank,
then they could ignore those that don't authenticate as spam/phishing/fraud.
Then if your bank doesn't provide this capability, you may decide to change
to a bank that does provide authenticated, secured email communications with