I again reiterate my opinion -- an opinion which I believe is broadly shared in the infosec community -- that email and email based processes should never be presented to users as trustworthy as to confidentiality or as to integrity, with the possible exception of some entirely intra-organization endorsed mechanisms.
The mere normalization of according trust in a communication indexed upon an email address is the very kind of implicit experiential training that leads to the category of attacks known as business email compromise. I believe that every attempt to make incremental but non-universal improvements to such schemes is merely training users toward bad practice. -- You received this message because you are subscribed to the Google Groups "public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/779d2c5f-1023-45eb-aaed-c6d852729861n%40ccadb.org.
