Email Authentication

From EggeWiki
Revision as of 22:59, 12 July 2007 by Brianegge (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

The battle against email spam has long been an interest of mine. Recently, I've had a couple of situations making me look into the current state of spam detection and avoidance. Specifially:

  • ThoughtWorks contracted MessageLabs to filter all inbound email. More and more companies are setting up spam filters, but fewer companies and looking into how to prevent their own email from getting filtered.
  • A new project at an Australian Bank is sending email to clients. Nothing has been done to see how we can send email and help reduce phishing, or how customers can verify that an email was actually send by the bank.

There are several technologies which help spam filters fitler spam. This includes DomainsKeys, SPF, and SenderID. SPF is probably the easiest to implement, so I thought I'd check to see which major banks are using it. Here's the results:

Largest US Commercial Banks <ref>http://uhaweb.hartford.edu/COHN/largest_commercial_banks.htm</ref>
Name Has an SPF record
Bank of America Corp. Yes
Citigroup Yes
Chase Yes
National City Corp No
JPMorgan Yes
Wachovia Yes
Wells Fargo Yes
US Bank Yes
SunTrust Banks No

Now lets take a look at Australia:

Australian Commercial Banks <ref>http://uhaweb.hartford.edu/COHN/largest_commercial_banks.htm</ref>
Name Has an SPF record
ANZ No
Commonwealth Bank No
HSBC Australia Yes
Macquarie No
National Australia Bank No
WestPac No
St. George No