[Dshield] Using digital signatures to filter out phishing emails

Anthony Rodgers Anthony_Rodgers at dnv.org
Fri Aug 12 19:36:01 GMT 2005


I had an idea yesterday, and wanted to run it by some knowledgeable 
folks to see if I'm missing something.

The idea goes like this: organizations that are prone to being the 
subject of phishing emails (eBay, PayPal, banks, etc.) start digitally 
signing all genuine outbound emails. The root certificate (which 
doesn't need to be publicly rooted, if the organization itself is 
trusted) is available on their website via HTTPS, so people can 
download it.

Then, email filters could be set to reject any email purporting to be 
from eBay, PayPal, etc. that is not signed with the appropriate key (if 
email filters can be set that way - can they?).

What am I missing?

Anthony Rodgers
Business Systems Analyst
District of North Vancouver
Web: http://www.dnv.org
RSS Feed: http://www.dnv.org/rss.asp
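
One way the filtering rule described in the message above could be expressed, as an added example that is not part of the original post. It assumes S/MIME signatures and the `openssl` command-line tool on the filter host; the certificate paths are placeholders and the function names are hypothetical.

```python
import subprocess
import tempfile
from email import message_from_bytes, policy
from email.utils import parseaddr

# Assumption: protected domains mapped to the root certificate (PEM) each
# organization publishes over HTTPS; these paths are placeholders.
PINNED_ROOTS = {
    "ebay.com": "/etc/mailfilter/roots/ebay.pem",
    "paypal.com": "/etc/mailfilter/roots/paypal.pem",
}

def protected_root(raw: bytes):
    """Return the pinned root path if the From domain is protected, else None."""
    msg = message_from_bytes(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    for protected, root in PINNED_ROOTS.items():
        if domain == protected or domain.endswith("." + protected):
            return root
    return None

def is_smime_signed(raw: bytes) -> bool:
    """Structural check: is this a multipart/signed S/MIME message at all?"""
    msg = message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/signed":
        return False
    proto = str(msg.get_param("protocol") or "").lower()
    return proto in ("application/pkcs7-signature", "application/x-pkcs7-signature")

def verify_with_openssl(raw: bytes, root_pem: str) -> bool:
    """Check the signature and that the signer chains to the organization's root.
    Assumption: any certificate under that root is an authorized sender."""
    with tempfile.NamedTemporaryFile(suffix=".eml") as f:
        f.write(raw)
        f.flush()
        result = subprocess.run(
            ["openssl", "smime", "-verify", "-in", f.name,
             "-CAfile", root_pem, "-out", "/dev/null"],
            capture_output=True)
    return result.returncode == 0

def filter_decision(raw: bytes, verify=verify_with_openssl) -> str:
    root = protected_root(raw)
    if root is None:
        return "accept"   # From domain is not covered by the policy
    if not is_smime_signed(raw):
        return "reject"   # claims a protected sender but carries no signature
    return "accept" if verify(raw, root) else "reject"
```

The policy keys only on the From header domain, so it makes no decision about mail whose From address falls outside the protected list.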
