From: "Ned Slider" <n...@unixmail.co.uk>
Sent: Wednesday, 2010/June/30 08:37
I was a little bit surprised to see a phishing email today from
nationwide.co.uk that passed SPF!
So, upon further investigation we see:
$ dig txt nationwide.co.uk
;; ANSWER SECTION:
nationwide.co.uk. 5648 IN TXT "v=spf1 mx a:mailhost.nationet.com a:mailhost2.nationet.com include:messagelabs.com ~all"
Great, at least they have an SPF record, but then messagelabs.com lets
the side down:
$ dig txt messagelabs.com
;; ANSWER SECTION:
messagelabs.com. 84771 IN TXT "v=spf1 +all"
So all mail from nationwide.co.uk will pass SPF. Great. And banks
wonder why they get so many phishing emails. Are they really that
incompetent or do they just not care?
I really don't understand why banks don't implement DKIM and/or SPF and
make it easier for us to filter phishing emails.
My solution is to just filter ALL mail from bank or bank-like domains.
The vast majority are phishing anyway with only a few marketing emails
(often not from a bank domain) or "your online statement is ready"
notifications that I'm sure users can do without. Those that do
implement DKIM/SPF etc can then be whitelisted.
Filter the banks and have that filter generate a message to the customer
that someone unverifiably claiming to be their bank is trying to send them
email. Include a brief message for them to forward to their bank. That
should get the bank's attention.
{^_^}
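The mechanics behind Ned's observation, as an added worked example that is not part of this thread: a small SPF evaluator (a subset of RFC 7208, no macros or redirect) run against an in-memory DNS table. The two TXT records for nationwide.co.uk and messagelabs.com are copied from the dig output above; every other name, the A/MX data, and all IP addresses are constructed (RFC 5737 documentation ranges). The "hardened" table replaces the messagelabs.com record with a hypothetical one that enumerates its sending ranges and ends in "-all", to show how the same nationwide.co.uk record behaves once the included domain stops matching everything.

```python
"""Toy SPF check_host() to show why include:messagelabs.com with "v=spf1 +all"
makes the parent record pass for any source IP (added example; not RFC-complete)."""
import ipaddress

# Constructed DNS data. The two SPF TXT records are the ones quoted in the
# mail; all A/MX records and IP addresses are made up for the example.
AS_QUOTED = {
    "nationwide.co.uk": {
        "TXT": ['v=spf1 mx a:mailhost.nationet.com a:mailhost2.nationet.com '
                'include:messagelabs.com ~all'],
        "MX": ["mailhost.nationet.com"],
    },
    "messagelabs.com": {"TXT": ["v=spf1 +all"]},
    "mailhost.nationet.com": {"A": ["192.0.2.10"]},
    "mailhost2.nationet.com": {"A": ["192.0.2.11"]},
}

# Hypothetical corrected include target: explicit ranges, then hard fail.
HARDENED = {**AS_QUOTED,
            "messagelabs.com": {"TXT": ["v=spf1 ip4:198.51.100.0/24 -all"]}}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(dns, name, rtype):
    """Return the records of one type for a name, or [] if absent."""
    return dns.get(name, {}).get(rtype, [])


def spf_record(dns, domain):
    """Pick the TXT record that starts with the SPF version tag."""
    for txt in lookup(dns, domain, "TXT"):
        if txt == "v=spf1" or txt.startswith("v=spf1 "):
            return txt
    return None


def check_host(ip, domain, dns, depth=0):
    """Evaluate an SPF record left to right; first matching mechanism wins.
    Supports all, include, ip4, a and mx (no CIDR suffix on a/mx)."""
    if depth > 10:                      # RFC 7208 lookup limit, loosely applied
        return "permerror"
    record = spf_record(dns, domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"                 # default qualifier is "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "include":
            # An include matches only when the referenced domain returns
            # "pass"; a "fail" inside the include is NOT propagated outward.
            matched = check_host(ip, arg, dns, depth + 1) == "pass"
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            target = arg or domain
            matched = any(ipaddress.ip_address(a) == addr
                          for a in lookup(dns, target, "A"))
        elif name == "mx":
            target = arg or domain
            matched = any(ipaddress.ip_address(a) == addr
                          for mx in lookup(dns, target, "MX")
                          for a in lookup(dns, mx, "A"))
        else:
            return "permerror"          # mechanism not modelled in this toy
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                    # ran off the end of the record


if __name__ == "__main__":
    stranger = "203.0.113.77"           # constructed IP unrelated to the bank
    print("as quoted :", check_host(stranger, "nationwide.co.uk", AS_QUOTED))
    print("hardened  :", check_host(stranger, "nationwide.co.uk", HARDENED))
```

With the records as quoted, an arbitrary source address reaches include:messagelabs.com, whose "+all" matches it, so the include matches and nationwide.co.uk returns "pass" before its own "~all" is ever consulted. With the hardened table the include evaluates to "fail", which does not count as a match, evaluation continues, and the record ends in the "~all" softfail that Ned would expect to see on a phishing message.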