-----BEGIN PGP SIGNED MESSAGE-----
My email box is constantly plagued by spam, phishing, and other random junk. Banks, PayPal, and other merchants have spent a lot of time educating the public on how to recognize "spoofed" emails, and not believe (or click) everything they get in their inbox.
Wouldn't it be great if I could know that email came from PayPal?
We have the tools--we have had them for years. Public-key encryption (PGP, GPG, and the like), in addition to allowing for top-notch privacy, can also allow for nearly perfect sender identification.
With Encryption, I can send an email to a colleague and know that only he can open it (at Collective Idea, we do this as a matter of habit--even if we're just sending a funny link). The other side, Signing, allows me to send an email to anyone and have them *know* that I am the only person who could possibly have sent it.
To know that the sender is who they say they are, I do need to have PGP installed, and be smart about accepting keys. If I do both of these things, I have a greater level of assurance. If I don't, I see a message that looks exactly like this one.
I'm starting to think that all web applications should sign emails without exception. Do I care if my account notice from Basecamp is real? Probably not, but I would like to know I can. I'd also like to see PGP more widely used... this could help, if only in a small way.
I'm considering adding signed messages to some apps I'm working on. Is it worth it? Would people respond well, or get confused?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
-----END PGP SIGNATURE-----
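
The clear-sign framing this post is wrapped in, as an added example (not the author's code): a Python parser that splits such a message into armor headers, signed text and signature bytes, and rejects a block whose signature data is missing. It checks structure only and assumes the OpenPGP cleartext framing (RFC 4880); the sample message and its placeholder signature bytes are constructed, and `parse_clearsigned` is a name chosen here.

```python
import base64
import binascii

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

def parse_clearsigned(text):
    """Return (headers, signed_text, signature_bytes). Does NOT verify the signature."""
    lines = text.replace("\r\n", "\n").split("\n")
    if any(marker not in lines for marker in (BEGIN_MSG, BEGIN_SIG, END_SIG)):
        raise ValueError("missing clear-sign armor line")
    start, sig_start, sig_end = (lines.index(m) for m in (BEGIN_MSG, BEGIN_SIG, END_SIG))
    if not start < sig_start < sig_end:
        raise ValueError("armor lines out of order")
    # Armor headers such as "Hash: SHA256" run until the first blank line.
    region = lines[start + 1:sig_start]
    if "" not in region:
        raise ValueError("no blank line between headers and signed text")
    blank = region.index("")
    headers = dict(h.split(": ", 1) for h in region[:blank])
    # Undo dash-escaping: signers prefix "- " to body lines that start with "-",
    # so body text can never be mistaken for an armor line.
    body = [l[2:] if l.startswith("- ") else l for l in region[blank + 1:]]
    # Signature armor: optional headers, blank line, base64 data, "=CRC24" line.
    sig_lines = lines[sig_start + 1:sig_end]
    data = sig_lines[sig_lines.index("") + 1:] if "" in sig_lines else []
    b64 = "".join(l for l in data if not l.startswith("="))
    try:
        signature = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("signature block is not valid base64") from exc
    if not signature:
        raise ValueError("signature block carries no signature data")
    return headers, "\n".join(body), signature

# Constructed sample: the "signature" is placeholder bytes, not a real OpenPGP signature.
FAKE_SIG = base64.b64encode(b"placeholder, not a real signature").decode()
SAMPLE = "\n".join([
    BEGIN_MSG, "Hash: SHA256", "",
    "Your invoice is ready.", "- -- The billing team",
    BEGIN_SIG, "", FAKE_SIG, END_SIG,
])
# The same message with the signature data stripped: identical to the eye, unverifiable.
STRIPPED = SAMPLE.replace(FAKE_SIG + "\n", "")
```

Whether a signature is genuine is still decided by a PGP implementation checking it against a key you have chosen to trust; a well-formed block proves nothing by itself.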