Require all outgoing bank email to be digitally signed.
The level of fraudulent-but-very-authentic-seeming emails from financial institutions is exceedingly high - phishing attempts. And yet banks continue to send out a large volume of product offers with no digital signatures or other reasonable verification measures. Digital signing is very easy and of negligible cost.
Even without more education on the part of the end user, or involvement on the part of the OS manufacturers, the filtering efforts by the ISPs would become quite formidable. "Hmm, this email is -not- properly signed by Chase.com, I'm thinking it's quite likely by an impostor!"
It's only been twenty years that the solution has been rolling around without implementation.
Simon Barber commented
This could be combined with a DNS entry to indicate that all email from this domain will be signed, so any MTA or client can automatically junk any mail that is not signed from the domain.
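
The mechanism in the comment above exists today as DKIM signing combined with a DMARC policy record in DNS (RFC 7489). The Python below is an added example, not part of the original post or comment: it shows the receiver-side decision for the DKIM leg only, with constructed domain names and DNS records, and it assumes the cryptographic signature check has already been done elsewhere.

```python
# Added example. DNS records and domains are constructed; nothing is looked up live.
POLICIES = {"none": "deliver", "quarantine": "junk", "reject": "reject"}

DNS_TXT = {  # constructed TXT records, keyed by DNS name
    "_dmarc.bank.example": "v=DMARC1; p=reject; adkim=s",
    "_dmarc.shop.example": "v=DMARC1; p=quarantine",
}

def parse_policy(txt):
    """Parse a DMARC TXT record into a tag dict, or None if it is not valid."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags.setdefault(key.strip().lower(), value.strip())
    first = txt.split(";")[0].replace(" ", "")
    # The version tag must come first and the requested policy must be known.
    if first != "v=DMARC1" or tags.get("p", "").lower() not in POLICIES:
        return None
    return tags

def aligned(signing_domain, from_domain, strict):
    """Does the DKIM d= domain match the domain in the visible From: header?"""
    s = signing_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if s == f:
        return True
    if strict:
        return False
    # Simplified relaxed alignment (assumption): one name is a subdomain of the
    # other. A real receiver compares organizational domains using the Public
    # Suffix List.
    return s.endswith("." + f) or f.endswith("." + s)

def disposition(from_domain, dkim_pass_domains, dns_txt=DNS_TXT):
    """Return 'deliver', 'junk' or 'reject' for one message.

    dkim_pass_domains: d= values of signatures that verified cryptographically.
    """
    record = dns_txt.get("_dmarc." + from_domain.lower())
    policy = parse_policy(record) if record else None
    if policy is None:
        return "deliver"  # the domain publishes no policy, nothing to enforce
    strict = policy.get("adkim", "r").lower() == "s"
    if any(aligned(d, from_domain, strict) for d in dkim_pass_domains):
        return "deliver"
    # Unsigned, or signed only by an unrelated domain: apply the sender's policy.
    return POLICIES[policy["p"].lower()]
```

A message that carries a valid signature from some other domain is treated the same as an unsigned one, which is what stops an impostor from signing with a domain of their own.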