Educause Security Discussion mailing list archives
Re: Official and Certified Email
From: Chris Green <cmgreen () UAB EDU>
Date: Wed, 24 Sep 2008 10:17:22 -0500
Willis Marti wrote:
Has anyone conquered yet how to have (example) their president send out an email with a link in it and have folks comfortable that it is not a phishing scheme?
The best I can think of is having a golden site secured where it redirects to official links that have been previously authorized. This of course breaks a lot of the "backtracking" links that people want dynamically to view responses. Some of the other methods proposed: RSS - doesn't work for majority of users. In a sampling of a MSEE class I was in, less than 10% of people in the class used RSS when first asked about it. No clickable links: That works except for there are plenty of spams happening these days that say www.foobar .example. com and expect the end user to reconstruct the URL to avoid URIBL. In a perfect world, I think you'd do what ebay tries to do: Centralize the content via a portal Deliver end user messages inside the portal Give out links that only direct towards the portal and teach people to verify the portal site identity
Current thread:
- Official and Certified Email Mclaughlin, Kevin (mclaugkl) (Sep 24)
- <Possible follow-ups>
- Re: Official and Certified Email Ken Connelly (Sep 24)
- Re: Official and Certified Email Justin St. Onge (Sep 24)
- Re: Official and Certified Email Willis Marti (Sep 24)
- Re: Official and Certified Email Mike Porter (Sep 24)
- Re: Official and Certified Email Chris Green (Sep 24)