RE: Smells like a phish, is a fish?

["M. Burnett" <mb () xato net>]

These are all excellent points. E-mails shouldn't contain sensitive information and companies should try hard not to 
look like phishers to better help customers tell the difference. But the underlying problem is that e-mail technology 
is to blame. E-mails are not encrypted, they do not authenticate the source (the sender or originating server), they do 
not prevent tampering, and they do not ensure that only the recipient can view the message. Fixing this problem would 
make so many other problems--including spam, worms, and scams--simply irrelevant.

Wouldn't it be great to step back a bit and fix some of the world's core technology flaws?


Mark



On Thu, 27 Oct 2005 10:34:45 +0200, Damhuis Anton wrote:
>  Hi
>
>  But email is sent over an unencrypted link, thus any body could get
>  hold of the link, and by entering it, get access to the web site's
>  details (the account).
>
>  Something should always be kept secret, when sending logon
>  information via email.
>
>  So I don't think it is mitigating phishing, but possibly rather a
>  way to track their responses to the email.
>
>  Or am I understanding your statement incorrectly?
>
>  Regards
>  Anton
>
>  -----Original Message-----
>  From: Ofer Shezaf [mailto:Ofer.Shezaf () breach com]
>  Sent: 27 October 2005 10:15
>  To: Andrew van der Stock; webappsec () securityfocus com Subject: RE:
>  Smells like a phish, is a fish?
>
>  ..
>  provide you with a key in the e-mail, rather than asking for a
>  login might actually be a way to mitigate phishing.
>
>  Confidentiality Warning
>  =======================
>  The contents of this e-mail and any accompanying documentation are
>  confidential and any use thereof, in what ever form, by anyone
>  other than the addressee is strictly prohibited.