The Secret Handshake
I came up with an idea that I call the secret handshake.
The secret handshake is a property on a user’s online account for services that want to send me email. Here’s how it would work:
- I sign up for an account on a web service -- let’s say a newsletter for an online video game site.
- In addition to a password, I also elect to enter a “secret handshake”. I enter my childhood dog’s name: Magoo.
- Whenever an email is sent to me by the service, it includes the secret handshake (Magoo) in the subject line.
- I know the email is one I requested because it has my secret handshake -- even when it’s a service that rarely sends mail and might not otherwise be spotted among spam.
- I can set up mail filters based on the handshake to highlight these emails and make them stand out further from spam.
Now, I didn’t think of this for secure services like Paypal, but at first glance it seems like something that could reduce phishing scams.
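The filtering step described above, as an added Python example (not code from the original post). The domain `videogamesite.example`, the `HANDSHAKES` table and the `classify` function are assumptions made for illustration, and the sample messages are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: the handshake chosen at sign-up, keyed by the service's sending domain.
HANDSHAKES = {"videogamesite.example": "Magoo"}


def classify(raw_message, handshakes=HANDSHAKES):
    """Return 'requested', 'suspect' or 'unknown' for one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words, so an encoded subject still matches.
    subject = str(msg["Subject"] or "")
    sender = parseaddr(str(msg["From"] or ""))[1]
    domain = sender.rpartition("@")[2].lower()
    expected = handshakes.get(domain)
    if expected is None:
        return "unknown"  # no account with this sender: leave it to the normal spam filter
    # Whole-word match, so "Magoo" is not satisfied by "Magoogle".
    words = re.findall(r"\w+", subject)
    # The From header is easy to forge; the handshake is what separates the two cases.
    return "requested" if expected in words else "suspect"


# Constructed sample messages.
GENUINE = ("From: Game News <news@videogamesite.example>\n"
           "Subject: [Magoo] May newsletter\n\nHello\n")
ENCODED = ("From: news@videogamesite.example\n"
           "Subject: =?utf-8?q?Magoo=3A_patch_notes?=\n\nHello\n")
SPOOFED = ("From: Game News <news@videogamesite.example>\n"
           "Subject: Verify your account now\n\nClick here\n")
NEAR_MISS = ("From: news@videogamesite.example\n"
             "Subject: Magoogle account alert\n\nClick here\n")
STRANGER = ("From: deals@shop.example\n"
            "Subject: Magoo sale\n\nBuy now\n")

if __name__ == "__main__":
    samples = {"GENUINE": GENUINE, "ENCODED": ENCODED, "SPOOFED": SPOOFED,
               "NEAR_MISS": NEAR_MISS, "STRANGER": STRANGER}
    for name, raw in samples.items():
        print(f"{name:10} {classify(raw)}")
```

A message that claims the service's address but lacks the handshake comes back as `suspect`, which is the phishing case the post has in mind.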


I'm Hanford Lemoore. My parking skills are unparalleled.






May 9th, 2006 at 9:33 am
I took the precaution of registering a domain and forwarding all email from that domain to my personal inbox. When I need to sign up anywhere I create a new email address for that service. So, to use your example, I’d enter my email address as monolux@my_domain_name.com. Then I can easily set up a filter for all mail from that specific address in my email client. Problem solved.
July 13th, 2006 at 12:03 am
Actually, I can see some banks already using a similar technique—they provide a small bit of information, which wouldn’t reveal much to an interceptor, but would rule out phishing almost completely. An example would be part of the zip (post) code.