Email Authentication
The battle against email spam has long been an interest of mine. Recently, I've had a couple of situations making me look into the current state of spam detection and avoidance. Specifially:
- ThoughtWorks contracted MessageLabs to filter all inbound email. More and more companies are setting up spam filters, but fewer companies and looking into how to prevent their own email from getting filtered.
- A new project at an Australian Bank is sending email to clients. Nothing has been done to see how we can send email and help reduce phishing, or how customers can verify that an email was actually send by the bank. I won't say which bank, but I will say it's not HSBC.
There are several technologies which help spam filters fitler spam. This includes DomainsKeys, SPF, and SenderID. SPF is probably the easiest to implement, so I thought I'd check to see which major banks are using it. Here's the results:
| Name | Has an SPF record |
|---|---|
| Bank of America Corp. | Yes |
| Citigroup | Yes |
| Chase | Yes |
| National City Corp | No |
| JPMorgan | Yes |
| Wachovia | Yes |
| Wells Fargo | Yes |
| US Bank | Yes |
| SunTrust Banks | No |
| Name | Has an SPF record |
|---|---|
| ANZ | No |
| Commonwealth Bank | No |
| HSBC Australia | Yes |
| Macquarie | No |
| National Australia Bank | No |
| WestPac | No |
| St. George | No |
| Name | Has an SPF record |
|---|---|
| Apple | Yes |
| Yahoo! | No |
| Yes | |
| ThoughtWorks | No |
| Microsoft | Yes |
| Message Labs | No |
| O'Reilly Media | Yes |
| IBM | Yes |
| Accenture | Yes |
| Electronic Data Systems | No |