Phishing is a big problem for banks, and the value of email is hugely diminished as a result. This article argues that banks and businesses should unilaterally start using S/MIME: customers would begin to see the signed email, and email operators would have to follow through with S/MIME support.
I have no opinion yet on this, but in general it doesn’t sound like a bad idea. Thoughts anyone?
CSO | Signed and Sealed? Might Get Delivered!
A good first step to attacking the phishing problem, then, is for businesses that send out large quantities of e-mail to get an S/MIME certificate and start sending those messages with S/MIME signatures.
Customers who receive these messages will see that they are digitally signed and will know that they are more trustworthy than messages that are not signed. If all of PayPal’s e-mail messages were digitally signed, then the unsigned messages sent by phishers would stand out. The rate of successful phishing attacks would surely go down.
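The idea that unsigned mail from an always-signing sender should stand out can be sketched as a receiving-side check. This is an added example, not code from the CSO article; the `ALWAYS_SIGNS` policy list, the `paypal.example` domain and the sample messages are constructed assumptions. It inspects MIME structure only and does not verify the signature or the certificate chain.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: senders known to sign all outbound mail (hypothetical policy list).
ALWAYS_SIGNS = {"paypal.example"}
SIG_PROTOCOLS = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
OPAQUE_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def _param(msg, name):
    """Content-Type parameter as a lowercase string ('' if absent)."""
    value = msg.get_param(name)
    if isinstance(value, tuple):      # RFC 2231 encoded parameter
        value = value[2]
    return (value or "").lower()

def smime_structure(msg):
    """Return 'detached', 'opaque' or None, judged from MIME headers only."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed" and _param(msg, "protocol") in SIG_PROTOCOLS:
        return "detached"
    if ctype in OPAQUE_TYPES and _param(msg, "smime-type") == "signed-data":
        return "opaque"
    return None

def classify(raw):
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if smime_structure(msg):
        return "signed-unverified"    # signature must still be verified
    if domain in ALWAYS_SIGNS:
        return "suspicious-unsigned"  # claims a signing sender, carries no signature
    return "unsigned"

# Constructed sample messages (not real mail).
SIGNED = (
    "From: PayPal <service@paypal.example>\nSubject: Receipt\nMIME-Version: 1.0\n"
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
    ' micalg=sha-256; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nYour receipt.\n"
    "--b1\nContent-Type: application/pkcs7-signature; name=smime.p7s\n\n"
    "(placeholder)\n--b1--\n"
)
SPOOFED = "From: PayPal <service@paypal.example>\nSubject: Verify now\n\nClick here.\n"
OTHER = "From: alice@other.example\nSubject: Lunch\n\nNoon?\n"

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("spoofed", SPOOFED), ("other", OTHER)):
        print(name, "->", classify(raw))
```

A message classified as `signed-unverified` still has to pass cryptographic verification against a trusted certificate before it is treated as authentic, since the MIME headers alone can be forged.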
