Thank you.
Mr. Drennan, in the three minutes that Mr. Picard has been asking questions, I logged into a server, and using raw SMTP, sent myself an email from [email protected]. I think this brings to a big part of your spear phishing discussion the question, why is it that we are still using protocols that are completely hackable like that?
There's no authentication whatsoever in SMTP. I can put any spoofed address that I want. SMTP SSL is not universal, but it doesn't prevent spoofing in any case. Therefore, is there a role for, say, PGP signing our emails as a standard, or is there something we can do to sign cryptographically? Is that an approach we should be looking at?
For whatever reason, that has not taken off in the 25 years it has been around.