I think I was wrong below: On Wed, 24 Aug 2005, Marilyn Davis wrote:
> On Wed, 24 Aug 2005, David Woodhouse wrote: > > > On Wed, 2005-08-24 at 09:37 -0700, Marilyn Davis wrote: > > > Another thought: it could be considered legitimate for a bank to > > > expect that the email address you list with them is a direct email > > > address. Certainly you change your snail mail address with them when > > > you move. > > > > $DEITY no. I don't have the wit or patience to remember to change my > > Ha ha. $DIETY. I really like that. > > > snail mail address with people when I move. I certainly wouldn't want to > > Anyway, my suggestion only rejects failed-SPF messages when the > received address is in the To: header. So, forwarded phish goes right > through. > > And, rethinking, even if you have 2 addresses with your bank, where > one forwards to the other, this also is not a problem. When your bank > sends legitimate mail to the 2 addresses, the one that is not > forwarded will pass SPF. The one that is forwarded will fail, since > it will seem to be not forwarded. But you'll get one message from the > bank, which is enough. > > And with phish, you'll only get one of the messages, the forwarded one. With phish, both will be rejected. Both will have the recipient on the To: line and be considered to be not-forwarded. Both will flunk SPF. Marilyn > > So, this is looking somewhat valuable to me, a little bit of baby in > the bathwater. > > Thank you again. > > Marilyn > > > change my email address too -- one lifetime address which forwards to > > wherever I happen to be is what these people will be given. > > > > > > -- -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
