[Dshield] Using digital signatures to filter out phishing emails
Anthony_Rodgers at dnv.org
Fri Aug 12 19:36:01 GMT 2005
I had an idea yesterday, and wanted to run it by some knowledgeable
folks to see if I'm missing something.

The idea goes like this: organizations that are prone to being the
subject of phishing emails (eBay, PayPal, banks, etc.) start digitally
signing all genuine outbound emails. The root certificate (which
doesn't need to be publicly rooted, if the organization itself is
trusted) is available on their website via HTTPS, so people can

Then, email filters could be set to reject any email purporting to be
from eBay, PayPal, etc. that is not signed with the appropriate key (if
email filters can be set that way - can they?).

What am I missing?

Business Systems Analyst
District of North Vancouver
RSS Feed: http://www.dnv.org/rss.asp
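
Added example, not part of the original message: one way the proposed filter rule could be expressed with S/MIME and the `openssl smime` command, rejecting mail that claims a protected From domain unless its signature verifies against the certificate pinned for that domain. The domain `bank.example`, the throwaway keys, the file layout and the function names are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example. bank.example, the keys and all four messages are constructed.
W=$(mktemp -d); PINS=$W/pins; mkdir "$PINS"   # pinned roots: $PINS/<domain>.pem
# openssl also trusts its default CA directory/store unless told not to.
PINONLY="-no-CApath"
openssl smime -help 2>&1 | grep -q -- -no-CAstore && PINONLY="$PINONLY -no-CAstore"

# Print "accept" or "reject" for one message file.
filter_decision() {
  local msg=$1 domain
  # Domain of the first From: header, lower-cased.
  domain=$(tr -d '\r' < "$msg" | sed -n '/^$/q; /^[Ff]rom:/{p;q;}' |
           sed -E 's/.*@([A-Za-z0-9.-]+).*/\1/' | tr 'A-Z' 'a-z')
  # Senders without a pinned root are outside this policy.
  [ -f "$PINS/$domain.pem" ] || { echo accept; return; }
  # Protected sender: the signature must verify against the pinned root only.
  if openssl smime -verify -in "$msg" -CAfile "$PINS/$domain.pem" $PINONLY \
       -out /dev/null 2>/dev/null
  then echo accept; else echo reject; fi
}

# Self-signed signing certificate, standing in for the organization's root.
mkcert() {  # mkcert <name>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$W/$1.key" -out "$W/$1.pem" 2>/dev/null
}
sign() {    # sign <cert name> <output file>
  echo "Your statement is ready." | openssl smime -sign \
    -signer "$W/$1.pem" -inkey "$W/$1.key" \
    -from service@bank.example -to user@isp.example -subject Statement \
    -out "$2" 2>/dev/null
}
mkcert bank; mkcert phisher
cp "$W/bank.pem" "$PINS/bank.example.pem"   # the certificate fetched over HTTPS
sign bank "$W/genuine.eml"
sign phisher "$W/forged_signed.eml"         # signed, but with the wrong key
printf 'From: service@bank.example\nSubject: Verify\n\nClick here\n' > "$W/forged_plain.eml"
printf 'From: friend@isp.example\nSubject: Hi\n\nLunch?\n' > "$W/other.eml"

for m in genuine forged_signed forged_plain other; do
  echo "$m: $(filter_decision "$W/$m.eml")"
done
```

`openssl smime -verify` does not compare the address in the signer's certificate with the From header, so a filter issuing certificates to more than one sender under the same root would need that check as well.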