Re: List of Banks often spoofed in Phishing scams

2008-06-05 Thread Ken A
Graham Murray wrote: ram <[EMAIL PROTECTED]> writes: That is not practical. At least in India, Banks use third party servers to send their mailers often. And the ips have PTR's & HELO's which don't match the banks', because these don't belong to the bank Which practice does nothing at all to com

Re: List of Banks often spoofed in Phishing scams

2008-06-05 Thread Graham Murray
ram <[EMAIL PROTECTED]> writes:
> That is not practical.
> At least in India, Banks use third party servers to send their mailers
> often. And the ips have PTR's & HELO's which don't match the banks',
> because these don't belong to the bank
Which practice does nothing at all to combat phishing. Ban

Re: List of Banks often spoofed in Phishing scams

2008-06-05 Thread ram
On Thu, 2008-06-05 at 13:08 +0200, Benny Pedersen wrote:
> On Thu, June 5, 2008 12:53, ram wrote:
>
> > Phishers sometimes just forge the Header from & not the Env-From.
> > You would not get a SPF_FAIL, because there was nothing wrong with the
> > sender address. But the end users are usually ar

Re: List of Banks often spoofed in Phishing scams

2008-06-05 Thread Benny Pedersen
On Thu, June 5, 2008 12:53, ram wrote:
> Phishers sometimes just forge the Header from & not the Env-From.
> You would not get a SPF_FAIL, because there was nothing wrong with the
> sender address. But the end users are usually not trained to look at
> the real sender.
good banks have equal

Re: List of Banks often spoofed in Phishing scams

2008-06-05 Thread ram
On Thu, 2008-06-05 at 12:02 +0200, Benny Pedersen wrote:
> On Thu, June 5, 2008 07:33, ram wrote:
>
> > I do something like this.
> > ((! SPF_PASS ) && ( ENV_FROM_GOOD_BANKS || HEADER_FROM_GOOD_BANKS) )
> > then give a score 3.0
> >
> > Of course the GOOD_BANKS are a list of banks which have SPF r

Re: List of Banks often spoofed in Phishing scams

2008-06-05 Thread Benny Pedersen
On Thu, June 5, 2008 07:33, ram wrote:
> I do something like this.
> ((! SPF_PASS ) && ( ENV_FROM_GOOD_BANKS || HEADER_FROM_GOOD_BANKS) )
> then give a score 3.0
>
> Of course the GOOD_BANKS are a list of banks which have SPF records.
we could also just give scores on spf fail with a meta :-) B

Re: List of Banks often spoofed in Phishing scams

2008-06-04 Thread ram
> > > > Actually in some ways this leads to an interesting idea. In our wiki > here perhaps we should write some guidelines for banks and everyone else > running legitimate email servers as to what is the correct way to > configure their servers. The first thing that comes to mind is getting

Re: List of Banks often spoofed in Phishing scams

2008-06-04 Thread Jeff Chan
On Tuesday, June 3, 2008, 10:31:43 AM, Joseph Brennan wrote:
> --On Tuesday, June 3, 2008 9:32 -0700 Kelson <[EMAIL PROTECTED]> wrote:
>> Marc Perkel wrote:
>>> If the FCrDNS matches one of these domains it is ham.
>>> If the sender or from address matches one of these domains and the
>>> domain

Re: List of Banks often spoofed in Phishing scams

2008-06-04 Thread mouss
Marc Perkel wrote: Actually in some ways this leads to an interesting idea. In our wiki here perhaps we should write some guidelines for banks and everyone else running legitimate email servers as to what is the correct way to configure their servers. The first thing that comes to mind is get

Re: List of Banks often spoofed in Phishing scams

2008-06-04 Thread Marc Perkel
Randal, Phil wrote: We should be marking ALL such behaviour as phishing and hope that the banks (etc) finally get a clue. I certainly wouldn't trust my money with an outfit that was that clueless about security. Cheers, Phil Actually in some ways this leads to an interesting idea. In

RE: List of Banks often spoofed in Phishing scams

2008-06-04 Thread Benny Pedersen
On Wed, June 4, 2008 09:30, Randal, Phil wrote:
> We should be marking ALL such behaviour as phishing and hope that the
> banks (etc) finally get a clue.
i hope banks using ssl, but this does not help if phishers send phishing mails to their "customers" pretending it's their banks webpages, this

RE: List of Banks often spoofed in Phishing scams

2008-06-04 Thread Randal, Phil
Joseph Brennan said:
> Many banks also send mail from third-party servers. Bank of America sends from
> customercenter.com and par3.com. American Express sends from aexp.com (which is
> theirs) and cheetahmail.com. Some send from bigfoot. It's only personal bank
> account information-- why kee

Re: List of Banks often spoofed in Phishing scams

2008-06-03 Thread Marc Perkel
Patrick McLean wrote: royalbankofcanada.com This is the wrong URL for the Royal Bank, it appears to be a domain camping site. Generally RBC's emails come from rbc.com, they also own royalbank.com, royalbank.ca, rbcroyalbank.ca and rbcroyalbank.com. Also you can add: desjardins.com I get

Re: List of Banks often spoofed in Phishing scams

2008-06-03 Thread Patrick McLean
royalbankofcanada.com This is the wrong URL for the Royal Bank, it appears to be a domain camping site. Generally RBC's emails come from rbc.com, they also own royalbank.com, royalbank.ca, rbcroyalbank.ca and rbcroyalbank.com. Also you can add: desjardins.com I get a fair number of phishing

Re: List of Banks often spoofed in Phishing scams

2008-06-03 Thread Joseph Brennan
--On Tuesday, June 3, 2008 9:32 -0700 Kelson <[EMAIL PROTECTED]> wrote: Marc Perkel wrote: If the FCrDNS matches one of these domains it is ham. If the sender or from address matches one of these domains and the domain doesn't appear in the Received headers - it's a phish. citibank.com It'

Re: List of Banks often spoofed in Phishing scams

2008-06-03 Thread Kelson
Marc Perkel wrote: If the FCrDNS matches one of these domains it is ham. If the sender or from address matches one of these domains and the domain doesn't appear in the Received headers - it's a phish. citibank.com It's worth noting that Citibank still sometimes uses other domains. I've see

List of Banks often spoofed in Phishing scams

2008-06-03 Thread Marc Perkel
Here's a short list of banks often spoofed in phishing scams. I'm using this list as follows: If the FCrDNS matches one of these domains it is ham. If the sender or from address matches one of these domains and the domain doesn't appear in the Received headers - it's a ph