Comments on: Social Engineering and the "Little Guy" http://blogs.mcafee.com/mcafee-labs/social-engineering-and-the-little-guy Tue, 29 Nov 2011 07:51:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Angus Scott-Fleming http://blogs.mcafee.com/mcafee-labs/social-engineering-and-the-little-guy/comment-page-1#comment-6715 Angus Scott-Fleming Tue, 12 Dec 2006 14:57:11 +0000 http://www.labs.com/research/blog/?p=151#comment-6715 "Do you need to post your employees’ name and phone numbers publicly or would something more general be feasible?" I can't imagine NOT doing this. What is needed is for e-mail clients to start verifying the sending server -- i.e. using SPF -- and throwing up two levels of warning flags, the first being a "yellow" warning when the alleged sender's domain has no SPF entry and the "red" warning being when the alleged sender's domain's SPF entry doesn't match the sending server. Once e-mail client software gets this "smart" it will really help. “Do you need to post your employees’ name and phone numbers publicly or would something more general be feasible?”

I can’t imagine NOT doing this. What is needed is for e-mail clients to start verifying the sending server — i.e. using SPF — and throwing up two levels of warning flags, the first being a “yellow” warning when the alleged sender’s domain has no SPF entry and the “red” warning being when the alleged sender’s domain’s SPF entry doesn’t match the sending server.

Once e-mail client software gets this “smart” it will really help.

]]>