Ned Slider wrote:
> [snip]
> I would really like to see the creation of a tld along the lines of .bank,
> and make it like .gov or .edu (ac.uk) where only confirmed banks and
> financial institutions can register such domains.

my $devil{"advocate"}->mode = $status->enabled;

and after banks, operators/ISPs (.isp?). then next come amazon, ebay, .... (what tld should we use here?). then come software and hardware vendors (microsoft, cisco, ...), I guess a .vnd should do? then consulting companies... etc. then at some point, we cover every organization

die $smiley->print;

> That combined with
> mandatory DKIM and/or spf would make it a lot easier to spot and stop
> the phishing but I think we are a long way from anything that
> coordinated actually happening.
>
> It's been said before on this list, but it doesn't help when banks have
> multiple domain names and often mix and match domains/URLs in the same
> email (goes to demonstrate their lack of understanding).
>

Is phishing really a problem for banks? I don't think so. Risk is their job and they handle it in a way that always worked for them (push as many losses as possible to customers). As we say in .fr, "on ne change pas une équipe qui gagne" (literally: "don't replace a winning team").

now, if every email user sends me 1 Euro, I'll open a bank and I promise to set up DKIM, SPF and a whole lot of funny other things. and I'll make it green, equitable, future-proof, crisis-resilient, here->map(%buz) ;-p

> In the meantime I'm left working on the basis that for the large part,
> banks simply don't send email to my clients so *any* email claiming to
> be from a bank is immediately highly suspicious and could probably be
> scored well on the way to being spam.
>

I personally use dedicated addresses for banks, amazon, ISPs, ... etc. if they leak, I detect that (and I complain, disable the address and give them a new one). if they don't, their mail gets in. and all forgeries to other addresses are caught.
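
The dedicated-address scheme described in the last paragraph, sketched as an added example that is not part of the original message. All addresses and domains are constructed, the function names are hypothetical, and the From domain is only the value the message claims.

```python
from email.utils import parseaddr

# Constructed sample data: one dedicated recipient address per organization,
# mapped to the sender domains that organization is expected to use.
DEDICATED = {
    "bank-7f3a@example.org": {"examplebank.test"},
    "shop-c21d@example.org": {"exampleshop.test", "exampleshop-mail.test"},
}
# Every domain that has a dedicated address assigned to it.
PROTECTED = set().union(*DEDICATED.values())


def _domain(header_value):
    """Return the lowercased domain of an address header, or '' if unparsable."""
    addr = parseaddr(header_value)[1]
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""


def _matches(domain, allowed):
    """True if domain equals, or is a subdomain of, any allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def classify(rcpt, from_header):
    """Classify one message by envelope recipient and claimed From domain.

    deliver: dedicated address, sender is the organization it was given to
    leak:    dedicated address, but the sender is someone else
    forgery: claims a protected organization, sent to a non-dedicated address
    normal:  neither side involves a protected organization
    """
    rcpt = rcpt.strip().lower()
    sender = _domain(from_header)
    expected = DEDICATED.get(rcpt)
    if expected is not None:
        # Only the organization this address was handed to should know it.
        return "deliver" if _matches(sender, expected) else "leak"
    # Mail naming a protected organization must arrive at its dedicated address.
    return "forgery" if _matches(sender, PROTECTED) else "normal"
```

A "leak" verdict is the cue to retire that address and issue the organization a new one, as the message describes.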