Educause Security Discussion mailing list archives

Re: Official and Certified Email


From: Chris Green <cmgreen () UAB EDU>
Date: Wed, 24 Sep 2008 10:17:22 -0500

Willis Marti wrote:
> Has anyone conquered yet how to have (example) their president send
> out an email with a link in it and have folks comfortable that it is
> not a phishing scheme?

The best I can think of is having a golden site secured where it
redirects to official links that have been previously authorized.  This
of course breaks a lot of the "backtracking" links that people want
dynamically to view responses.

Some of the other methods proposed:  RSS - doesn't work for the majority of
users.  In a sampling of an MSEE class I was in, less than 10% of people
in the class used RSS when first asked about it.

No clickable links:   That works, except that there are plenty of spams
happening these days that say www.foobar .example. com and expect the
end user to reconstruct the URL to avoid URIBL.

In a perfect world, I think you'd do what eBay tries to do:

  Centralize the content via a portal
  Deliver end user messages inside the portal
  Give out links that only direct towards the portal and teach people to
verify the portal site identity
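
The "golden site" idea from the message above, sketched as an added example that is not part of the original post: destinations are vetted when they are authorized, and the redirector only ever resolves an opaque id, so a request can never supply its own target URL. The host names, the `AuthorizedLinks` class and the `go.example.edu` address are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlsplit

# Assumed institution-controlled hosts (constructed sample values).
OFFICIAL_HOSTS = {"www.example.edu", "president.example.edu"}


class AuthorizedLinks:
    """Registry behind a hypothetical golden site, e.g. https://go.example.edu/<id>."""

    def __init__(self, official_hosts):
        self._hosts = {h.lower() for h in official_hosts}
        self._links = {}  # opaque id -> previously authorized destination

    def authorize(self, url):
        """Vet a destination before the mailing goes out; return its opaque id."""
        parts = urlsplit(url)
        if parts.scheme != "https":
            raise ValueError("destination must be https")
        if parts.username or parts.password:
            # Blocks look-alikes such as https://www.example.edu@other.test/
            raise ValueError("userinfo in URL is not allowed")
        host = (parts.hostname or "").lower()
        if host not in self._hosts:
            raise ValueError("host is not an official site: %r" % host)
        link_id = secrets.token_urlsafe(8)
        self._links[link_id] = url
        return link_id

    def resolve(self, link_id):
        """Return (status, location). Unknown ids get 404, never a redirect."""
        target = self._links.get(link_id)
        if target is None:
            return 404, None
        return 302, target


if __name__ == "__main__":
    registry = AuthorizedLinks(OFFICIAL_HOSTS)
    lid = registry.authorize("https://president.example.edu/letter")
    print(lid, registry.resolve(lid))
    print(registry.resolve("not-a-real-id"))
```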
