On Saturday, April 25, 2015 5:34 PM [GMT+1=CET], Stephen J. Turnbull wrote:
> J. Gomez writes: > > > Yes, the user did it to himself, but what does he know? > > Obviously too little to be trusted with an email account. Fire the > corporate training department! Not an option. And sorry but it is not affordable to employ security experts in everyday clerical tasks. So the affected user remains on the payroll, and the company takes the hit in lost productivity because of email being inherently insecure, and because the security experts cannot agree to make it secure after 30 years of Internet email been invented. > I also doubt it would work as well on Mac OS X, where the user would > be prompted for his password to confirm permission to execute an > application received from an untrusted source. I am not so sure, but I cannot test it right now in OS X. From an untrusted source came the ZIP file, but the EXE inside it is --when opened from the ZIP-- temporarily extracted to a $TEMP folder in the user's profile and run from there, so I guess the operating system has no way of knowing whether that EXE running form the user's $TEMP folder came from the untrusted Internet or not. Regards, J.Gomez _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
