Hi Grayhat. I probably used the wrong terminology....
It's not checked by SPF because it's not coming from a bank.... It does however reply to a bank.... I don't have the message here, so I would need to check it again....

No-one with good intentions (outside the bank itself) would use a domain of that bank. I'm not afraid of false positives. I think I could even block ALL mail coming from banks without losing any valuable mail, but I think it could be cleverer than that. Banks are not using mail for any important stuff. Phishing can do terrible things and we're expected to protect them from it.

Can I send you an attachment with that false mail?

I am talking about a very short list of domains that have to follow very strict rules. Maybe something like it has to follow the SPF of that domain even if it's only used as a header. To be successful with phishing they at least have to mention @abn-amro.nl (the domain of that bank).

Cheers

-----Original message-----
> Sender: Grayhat <gray...@gmx.net>
> Sent: Tuesday 24 March 2015 15:46
> To: assp-test@lists.sourceforge.net
> Subject: Re: [Assp-test] Prevent certain domains to be used with amiguous origin (as anti-phishing)
>
> :: On Tue, 24 Mar 2015 14:06:29 +0100
> :: <zarafa.55116155.be48.464ae5f7799bf59d@zarafa-server.mirmana.local>
> :: Jean-Pierre van Melis <j...@mirmana.com> wrote:
>
> > coming from banks that are local in my country. Some of these banks
> > use SPF-records and I've set all these domains to convert these
> > SPF-records to strict.
> >
> > This isn't enough because these spammers are now using
> > envelope-addresses and they are not scanned for SPF (well they
> > shouldn't be)
>
> uh... SPF *does* check envelope FROM ! It doesn't check the "mime" part
> of the message but that's by design; sure, one may decide to implement
> the SenderID and the so-called PRA mechanism
>
> https://tools.ietf.org/html/rfc4407
>
> but sincerely I'm not sure it would bring advantages and, for sure it
> may cause a whole lot of false-positives :P
>
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
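The rule proposed in this thread, as an added example (not part of the original post and not ASSP code): when a From, Sender or Reply-To header uses a domain from a short protected list, the envelope sender must be in that same domain and its SPF result must be pass. The function names, the header list and the `spf_result` input (taken from whatever component already evaluates SPF on the envelope sender) are assumptions; the sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

# Short list of strictly protected domains; abn-amro.nl is the one named in the post.
PROTECTED = {"abn-amro.nl"}
CHECKED_HEADERS = ("From", "Sender", "Reply-To")  # assumed set of headers to police

def domain_of(address):
    """Lower-cased domain part of an address, or '' when there is none."""
    return address.rpartition("@")[2].strip().rstrip(".").lower() if "@" in address else ""

def protected_parent(domain):
    """Return the protected domain that `domain` equals or is a subdomain of."""
    for p in PROTECTED:
        if domain == p or domain.endswith("." + p):
            return p
    return None

def check_message(raw, envelope_from, spf_result):
    """Return (verdict, reasons). spf_result is the SPF outcome already
    computed for envelope_from ('pass', 'fail', 'softfail', 'none', ...)."""
    msg = message_from_string(raw)
    env_domain = domain_of(envelope_from)
    reasons = []
    for name in CHECKED_HEADERS:
        for _, addr in getaddresses(msg.get_all(name, [])):
            parent = protected_parent(domain_of(addr))
            if parent is None:
                continue  # header address is not in a protected domain
            if protected_parent(env_domain) != parent:
                reasons.append(f"{name} uses {parent} but envelope domain is {env_domain or '<>'}")
            elif spf_result != "pass":
                reasons.append(f"{name} uses {parent} but SPF result is {spf_result}")
    return ("reject" if reasons else "accept", reasons)

# Constructed samples: a message that only "replies to" the bank, and a genuine one.
PHISH = ("From: Support <info@example.net>\n"
         "Reply-To: service@abn-amro.nl\n"
         "Subject: Account notice\n\nbody\n")
GENUINE = "From: noreply@abn-amro.nl\nSubject: Newsletter\n\nbody\n"

if __name__ == "__main__":
    print(check_message(PHISH, "bounce@example.net", "pass"))
    print(check_message(GENUINE, "noreply@abn-amro.nl", "pass"))
```

The first sample is rejected even though SPF passes for `example.net`, because SPF only vouches for the envelope domain and says nothing about the Reply-To header.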