
One good way to fight bank email phishing is to send all your official bank email from servers whose forward-confirmed reverse DNS (FCrDNS) resolves back to their domain name. For example, Wells Fargo Bank does it right. Everything that comes from Wells Fargo is sent by a host named *.wellsfargo.com. So if it matches that, it’s good and if it doesn’t — it’s spam. The same is true for PayPal, but not Bank of America. I have an email from them that is real, but the host name it came from is tr202154.cv47.net. So as a spam filtering operation how am I supposed to know that cv47.net is really Bank of America? Why can’t they send email from *.bankofamerica.com servers like secure banks do?
But – I guess it doesn’t matter because they are getting bailout money so they can afford to subsidize the Russian mafia and make it up in higher credit card fees to honest people. But it’s clear to me that their IT department doesn’t give a f**k about fraud or security or they would at least take some minimal precautions to help people avoid getting ripped off.
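The FCrDNS test described above, sketched as an added example (not code from the original post). The IP addresses are constructed from documentation ranges, `mail1.wellsfargo.com` is a hypothetical host name, and the lookup tables stand in for live DNS so the check runs offline; only `tr202154.cv47.net` comes from the post.

```python
import socket

def ptr_lookup(ip):
    """Reverse lookup: IP -> list of PTR host names (empty on failure)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def addr_lookup(host):
    """Forward lookup: host name -> set of IP strings (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def under_domain(host, domain):
    """Match on a label boundary, so 'evilwellsfargo.com' and
    'wellsfargo.com.example.net' do not count as wellsfargo.com."""
    host, domain = host.rstrip(".").lower(), domain.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def fcrdns_domain(ip, domain, ptr=ptr_lookup, fwd=addr_lookup):
    """Return the confirmed host name if ip passes FCrDNS under domain, else None."""
    for host in ptr(ip):
        # The PTR record is set by whoever controls the IP block, so it only
        # counts when the name's own forward records point back to the same IP.
        if ip in fwd(host) and under_domain(host, domain):
            return host.rstrip(".").lower()
    return None

# Constructed sample data standing in for DNS answers.
PTR = {
    "192.0.2.10": ["mail1.wellsfargo.com"],         # forward lookup confirms
    "198.51.100.7": ["mail1.wellsfargo.com"],       # PTR claims the name, forward does not agree
    "203.0.113.5": ["tr202154.cv47.net"],           # third-party sender named in the post
    "203.0.113.9": ["wellsfargo.com.example.net"],  # bank name used as a prefix only
}
A = {
    "mail1.wellsfargo.com": {"192.0.2.10"},
    "tr202154.cv47.net": {"203.0.113.5"},
    "wellsfargo.com.example.net": {"203.0.113.9"},
}

def check(ip, domain):
    """Run the FCrDNS check against the constructed tables above."""
    return fcrdns_domain(ip, domain, lambda i: PTR.get(i, []), lambda h: A.get(h, set()))
```

Calling `fcrdns_domain(ip, domain)` without the last two arguments uses the system resolver instead of the sample tables.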












As soon as you introduce third party email services you’re going to see cases where clue-impaired and sketchy operators can’t properly maintain DNS entries for each campaign.
Have to wonder what your Authentication-Results: headers look like though. Did the message pass an SPF check? I can see that BofA created a record to delegate that to Conversen, but maybe Conversen screwed the pooch. Also, was any signing technology like DK/DKIM used, and did that verify?
You ultimately have to make your own choices about what you’ll accept, and if you’ll only accept FCrDNS-checked messages then good luck. But BofA isn’t the only company you’ll have an issue with…
I think there’s some confusion here about messages that are “spam” versus messages that are “phish.” There is a very important distinction: the definition of SPAM is pretty subjective. However the definition of phish is not. Which one are we talking about here?
Marc seems like a smart enough guy that he took a look at the e-mail headers and figured out that an e-mail from Bank of America came from a third-party sender. He seems to want all e-mail from Bank of America to come from a machine that has a DNS record with something like .bankofamerica.com in it. Sounds fair, but also difficult especially since it’s a fairly large company. Here’s another idea.
How about if Bank of America used some kind of tag on their messages to indicate they were legitimately from them?
I took a look at some legit e-mail I got from Bank of America, the customer loyalty e-mail similar to what Marc received, and there are SPF records authorizing those for Bank of America’s domains. So, they actually *have* done something to allow systems to validate e-mail from them. Some other e-mail I get from them has DKIM signatures on it, so I know they are working on that too.
Maybe instead of switching banks, we should also go to our ISPs and spam vendors and ask them to start paying attention to the e-mail authentication protocols as well?
# 18 ran6110 said, “Check it out! Bailout Recipients Hosted Call To Defeat Key Labor Bill”
God! I read “the Employee Free Choice Act “. Amazing that they want to do away with secret balloting for Unions. How scary is that? Bunch of thugs.
bankofamerica.online_link@emailaccount.com
Is this a valid email account of BoA?
Be aware of Domainsponsor scam company. This company operates under domainsponsor and oversee names and washes money via oversee company. Tax fraud and cheating is what they do. Stay away from them. Class action lawsuit is coming.
Hi,
Really fantastic post, just found this blog post feed from Digg upcoming New Story section. Great post and very useful to all of us.
Keep it up!
David