[Bug 96020] HTML Allows Spoofing of Emails Content
Jaime Torres
jtamate at gmail.com
Sat Jan 17 11:54:27 GMT 2009
http://bugs.kde.org/show_bug.cgi?id=96020
Jaime Torres jtamate gmail com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jtamate at gmail.com
--- Comment #13 from Jaime Torres <jtamate gmail com> 2009-01-17 12:54:25 ---
With the new messagelist there is allways information that says the message has
a signature or not, or is encrypted or not, but I'm sure most users will only
see the fancy rendering saying the mail is signed and the signature is valid.
To solve the phising, the way the signature information is shown must change a
lot and must not be possible to simulate it with html mails (or the next great
mail format with pretty colors).
And, very important, the users must be trained to not trust mail messages until
they check the message is valid. I'm almost sure that if the exploit is seen
with other mail clients, a lot of users will also trust the mail content.
--
Configure bugmail: http://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the Kdepim-bugs
mailing list