Ned Slider wrote:

Yes - but I think what he's saying is that you have to start with a list of bank domains, then test those domains with higher scrutiny.

Does such a list exist? One of my users was getting a lot of spam pretending to be from banks. I ended up just compiling a regular expression to match against the from header of the emails:

@([-a-zA-Z0-9\.]+[-\.])?(rbs|barclays|halifax|secure-halifax|hsbc|natwest|nationwide|northernbank|cbonline|ybonline|co-operativebank|bank-of-ireland|bankofengland|lloydstsb|bankofscotland|firstdirect|alliance-leicester|abbeynational|egg|new\.egg|woolwich|firsttrustbank|ulsterbank|citibank|icicibank)\.(com|co\.uk)

It's far from comprehensive obviously, but it covers most of what he was receiving.

If that regular expression matches, and the connecting host is in a list of what I refer to as "dodgy countries," then I reject the email.

Yes, that's the type of thing I was thinking of, Mike.

I was thinking it might be easier to maintain as a plugin with a separate bank-domains.cf file listing banking type domains as Henrik has done for freemail, and then query a FROM_BANK type rule.

That would be good, yes. If the banks were serious about combating online fraud, you'd expect them to come together and agree on a standard for sending their email, e.g. they could all use DKIM. They should also publish a combined directory of their own domain names.

--
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)
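
The two-condition check described in this message, as an added Python example (not the poster's filter configuration and not SpamAssassin code): it rebuilds the regular expression from a separately maintained list of labels, in the spirit of the bank-domains.cf suggestion, and rejects only when the connecting host's country is also listed. The country code, the IP-to-country table and all function names are assumptions; the sample headers in the comments and tests are constructed.

```python
import re

# Name labels and TLDs taken from the regex in the post (a subset, kept short).
BANK_LABELS = ["rbs", "barclays", "halifax", "secure-halifax", "hsbc",
               "natwest", "nationwide", "lloydstsb", "firstdirect",
               "egg", "new.egg", "citibank"]
BANK_TLDS = ["com", "co.uk"]

# Constructed stand-ins: the post names no countries and no lookup method.
DODGY_COUNTRIES = {"XX"}
GEO_TABLE = {"192.0.2.10": "XX", "198.51.100.7": "GB"}  # hypothetical IP -> country


def build_bank_regex(labels, tlds):
    """Rebuild the post's pattern from a list that can live in its own file."""
    names = "|".join(re.escape(n) for n in labels)
    suffixes = "|".join(re.escape(t) for t in tlds)
    # Same shape as the original: '@', an optional prefix that must end in
    # '-' or '.', one bank label, then one of the TLDs.
    return re.compile(r"@([-a-zA-Z0-9.]+[-.])?(%s)\.(%s)" % (names, suffixes))


BANK_RE = build_bank_regex(BANK_LABELS, BANK_TLDS)


def claims_bank_sender(from_header):
    """True if the raw From header contains an address the pattern covers."""
    # Lower-casing is an addition here: domain names are case-insensitive.
    return bool(BANK_RE.search(from_header.lower()))


def should_reject(from_header, connecting_ip):
    """Reject only when both conditions from the post hold."""
    country = GEO_TABLE.get(connecting_ip)  # None when the IP is not in the table
    return claims_bank_sender(from_header) and country in DODGY_COUNTRIES


if __name__ == "__main__":
    # Constructed sample: bank-like From header, host in a listed country.
    print(should_reject('"Barclays" <alerts@online-barclays.co.uk>', "192.0.2.10"))
```

Because the pattern is applied to the whole From header, as in the post, a bank address placed in the display name also matches.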
