Paul Madsen schrieb: > The phisher doesn't need the seal, it lets the valid IDP send the code > to the user with the seal. The MITM would only need the seal if it were > to try to send the email itself, If the user does not paste anything into the web page but just follows the link sent via email (or IM), the MITM would not get the code. Claus