Chapter 13. Secure Messaging

Secure Internet Letterhead applied to a bank Web site allows the alert customer to distinguish the genuine bank Web site from a capture site set up by a phishing gang. But the traditional e-mail-based phishing attack begins with an e-mail message, and the first trust decision the customer makes, therefore, is whether to trust that message. A comprehensive security solution must include e-mail.

As we saw earlier, the state of e-mail security leaves much to be desired. We have two powerful e-mail security protocols, one of which has a virtual monopoly of mindshare and another that has a virtual monopoly on deployment. Neither is widely used. The SenderID/SPF scheme described earlier provides a third authentication option, ...

Get The dotCrime Manifesto now with O’Reilly online learning.
