The idea of authenticating email as a means of stopping spam and phishing has been talked about for some time, but for various reasons, including standards disputes, the concept hasn't really gone anywhere. Now PayPal, the most popular target among phishers, is proposing a slightly different take on the concept that sounds sort of interesting. The company is urging popular webmail providers like Google and Yahoo to automatically deny any emails coming from a @paypal.com address unless it's authenticated with an established digital signature. So far, the company hasn't gotten any takers, but it would be an interesting experiment to try. Of course, this wouldn't stop attackers from sending emails from different addresses that looked like PayPal's, but these are likely to be less effective anyway. Ultimately, no one solution is going to be a magic bullet for stopping phishing, but anything that can reduce its volume while still allowing legitimate email to get through is a step in the right direction.
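A sketch of the receiving-side rule described above, added here as an illustration and not taken from PayPal or any webmail provider. It assumes the signature scheme is DKIM (the post does not name one) and that the provider's border MTA records the verification result in an `Authentication-Results` header under the hypothetical id `mx.example.net`; all sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

PROTECTED_DOMAINS = {"paypal.com"}      # From: domains that must carry a valid signature
TRUSTED_AUTHSERV_ID = "mx.example.net"  # assumption: id our own border MTA stamps

def signed_domains(msg):
    """Domains with dkim=pass, read only from Authentication-Results we added ourselves."""
    passed = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in value.split(";")]
        ident = parts[0].split()
        if not ident or ident[0].lower() != TRUSTED_AUTHSERV_ID:
            continue  # stamped by another host, possibly the sender: ignore it
        for result in parts[1:]:
            if re.match(r"dkim\s*=\s*pass\b", result, re.I):
                d = re.search(r"\bheader\.d\s*=\s*([\w.-]+)", result, re.I)
                if d:
                    passed.add(d.group(1).lower())
    return passed

def verdict(raw_message):
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain not in PROTECTED_DOMAINS:
        return "not covered"  # the rule says nothing about other sender domains
    return "accept" if from_domain in signed_domains(msg) else "reject"

def sample(from_header, auth_results):
    """Build a constructed test message (not real mail)."""
    return (f"Authentication-Results: {auth_results}\n"
            f"From: {from_header}\nSubject: Account notice\n\nbody\n")

SIGNED = sample("PayPal <service@paypal.com>",
                "mx.example.net; dkim=pass header.d=paypal.com")
UNSIGNED = sample("PayPal <service@paypal.com>", "mx.example.net; dkim=none")
FORGED_HEADER = sample("PayPal <service@paypal.com>",
                       "mail.sender.invalid; dkim=pass header.d=paypal.com")
OTHER_DOMAIN = sample("PayPal <service@paypal-billing.example>",
                      "mx.example.net; dkim=none")

if __name__ == "__main__":
    for name in ("SIGNED", "UNSIGNED", "FORGED_HEADER", "OTHER_DOMAIN"):
        print(f"{name:14} {verdict(globals()[name])}")
```

A border MTA applying this rule must also delete any incoming `Authentication-Results` header that already carries its own id, as RFC 8601 requires, so that only results it computed itself are ever trusted.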