Brandon Butterworth wrote: It doesn't matter what the email is signed with I'd still go to the site to confirm
One has to be careful with this (unless one re-types the URL); I understand that the reader here is generally aware of these tricks, nevertheless we all have some weak moments. Con artists have become very good at sending fake links (especially paypal ones) that point to fake sites that really look like the real one and that display the original URL in the browser's window and the https padlock in the bottom bar. Using a text-mode browser does help, but even there embedding VT100 (or similar) control codes into the stream might lead to interesting results. Making a site look real is a matter of Javascript and Photoshop, not security. Con art is about illusion, not about encryption. Those of who not convinced can visit https://arneill-py.sacramento.ca.us/ and move their mouse cursor over the yellow padlock on the left (yes, it requires Javascript like all the other ones). What's wrong with the seal? It's completely bogus; I made it myself. The Authentic Fake Identity Seal (tm) you have found. [a real one can be found here: http://www.trustlogo.com/]
Better to trust that Rob Thomas has done due diligence than rely on email a virus may have generated (signed or not)
:-) Michel.