Chapter 13. Secure Messaging
Secure Internet Letterhead applied to a bank Web site allows the alert customer to distinguish the genuine bank Web site from a capture site set up by a phishing gang. But the traditional e-mail-based phishing attack begins with an e-mail message, and the first trust decision the customer makes, therefore, is whether to trust that message. A comprehensive security solution must include e-mail.
As we saw earlier, the state of e-mail security leaves much to be desired. We have two powerful e-mail security protocols, one of which has a virtual monopoly of mindshare and another that has a virtual monopoly on deployment. Neither is widely used. The SenderID/SPF scheme described earlier provides a third authentication option, ...
Get The dotCrime Manifesto now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.