Paul Madsen wrote:
> The phisher doesn't need the seal, it lets the valid IDP send the code
> to the user with the seal. The MITM would only need the seal if it were
> to try to send the email itself,

You got me. Nice catch, Paul! I guess I'll have to think harder.

Regards,
Dmitry
=damnian