Flagging (Non)-Spoofed Mail
May 1st, 2008 by Kelson. Posted in Computers/Internet, Spam and tagged for email, paypal, phishing, securityFollowing up on the PayPal anti-phishing discussion of a few weeks ago, I see that PayPal is promoting a service called Iconix. You install the program on your system, and it looks at your inbox for messages that claim to be from one of its customers. It tries to verify them “using industry-standard authentication technologies such as Sender ID and DomainKeys.” Messages that pass get a lock-and-checkbox icon attached to the sender’s name, and in some cases the name is replaced by the sender’s logo.
On the tech side, it’s similar to SpamAssassin’s whitelist_from_spf and whitelist_from_dkim features. Both allow you to specify a sender to whitelist, and it will only give a message special treatment if it can verify the sender.
On the user-interface side, it’s similar to EC certificates, in that it tries to highlight a “good” class of messages rather than flag or filter out a “bad” class.
It’s not a bad idea, actually, and now that I’m surprised I haven’t seen something similar in other email clients. It’s sort of like setting up custom rings or images for images on your cell phone address book
They seem to be focused on webmail and Outlook so far, and only on Windows, but it looks like the perfect candidate for a Thunderbird extension. They do have a sign-up form to notify you when they add support for various programs and OSes, and I was pleased to see not only Thunderbird and Mac OS listed, but Linux as well. Too often, Linux gets forgotten in the shuffle to ensure compatibility with every Windows variation.
Related Posts
- One Degree
- Blocking IE6: You, Me and…PayPal?
- Spam is like machine gun fire
- Zero Downtime
- Alphabet Soup: XP SP and EV SSL XSS!
My Amazon Wishlist
RSS feed for comments on this post.