Email Authentication: Difference between revisions

From EggeWiki
mNo edit summary
mNo edit summary
Line 4: Line 4:
* A new project at an Australian Bank is sending email to clients.  Nothing has been done to see how we can send email and help reduce phishing, or how customers can verify that an email was actually send by the bank.  I won't say which bank, but I will say it's not HSBC.
* A new project at an Australian Bank is sending email to clients.  Nothing has been done to see how we can send email and help reduce phishing, or how customers can verify that an email was actually send by the bank.  I won't say which bank, but I will say it's not HSBC.


There are several technologies which help spam filters fitler spam.  This includes DomainsKeys, SPF, and SenderID.  SPF is probably the easiest to implement, so I thought I'd check to see which major banks are using it.  Here's the results:
There are several technologies which help spam filters fitler spam.  This includes [http://en.wikipedia.org/wiki/Domainkeys DomainsKeys], [http://en.wikipedia.org/wiki/Sender_Policy_Framework Sender Policy Framework(SPF)], and [http://en.wikipedia.org/wiki/Sender_ID Sender ID].  SPF is probably the easiest to implement, so I thought I'd check to see which major banks are using it.  Here's the results:


{| border="1"
{| border="1"
Line 102: Line 102:
|}
|}


''These checks were performed on July 13, 2007''
== References ==
== References ==
# http://uhaweb.hartford.edu/COHN/largest_commercial_banks.htm
# http://uhaweb.hartford.edu/COHN/largest_commercial_banks.htm
# http://mxtoolbox.com/spf.aspx
# http://mxtoolbox.com/spf.aspx

Revision as of 02:32, 13 July 2007

The battle against email spam has long been an interest of mine. Recently, I've had a couple of situations making me look into the current state of spam detection and avoidance. Specifially:

  • ThoughtWorks contracted MessageLabs to filter all inbound email. More and more companies are setting up spam filters, but fewer companies and looking into how to prevent their own email from getting filtered.
  • A new project at an Australian Bank is sending email to clients. Nothing has been done to see how we can send email and help reduce phishing, or how customers can verify that an email was actually send by the bank. I won't say which bank, but I will say it's not HSBC.

There are several technologies which help spam filters fitler spam. This includes DomainsKeys, Sender Policy Framework(SPF), and Sender ID. SPF is probably the easiest to implement, so I thought I'd check to see which major banks are using it. Here's the results:

Major US Commercial Banks
Name Has an SPF record
Bank of America Corp. Yes
Citigroup Yes
Chase Yes
National City Corp No
JPMorgan Yes
Wachovia Yes
Wells Fargo Yes
US Bank Yes
SunTrust Banks No


Major Australian Commercial Banks
Name Has an SPF record
ANZ No
Commonwealth Bank No
HSBC Australia Yes
Macquarie No
National Australia Bank No
WestPac No
St. George No


Select 'technology' companies
Name Has an SPF record
Apple Yes
Yahoo! No
Google Yes
ThoughtWorks No
Microsoft Yes
Message Labs No
O'Reilly Media Yes
IBM Yes
Accenture Yes
Electronic Data Systems No

These checks were performed on July 13, 2007

References

  1. http://uhaweb.hartford.edu/COHN/largest_commercial_banks.htm
  2. http://mxtoolbox.com/spf.aspx