On Mon, 6 Sep 2004, Sean Donelan wrote:

Hrmmm, perhaps this hasn't been thought of yet, but this is a serious idea for things like spamassassin, or the like.

For this list of domains, a decent twofold effort could happen:

1) A decent push on the part of pobox.com (previously, their focus has been on protecting lots of senders, like AOL, or Earthlink), rather than commonly-forged-phishers, to get these folks on board.

2) A big old warning (possibly for these domains themselves to opt into) as a "we know we're high risk but we have an SPF record, please check it" RDNSL.

It could even be used in some cases with SpamAssassin to inject a link into the email for the location to report such forgeries. (Such info could be kept in the RDNSL, for example).

Knowledge is Power.

-Dan
Although SenderID (or whatever the final name is) is not completed yet, SPF has been around for a while and some people have been using it. But who? Do domains with SPF records have fewer phishing attacks? Fewer virus bounce-backs? Fewer spam forgers?
According to the Anti-Phishing Working Group, these are the most phished companies. How many are using SPF? I checked the most obvious domain name for the companies (.COM and their country variant, e.g. .CO.UK).
Company Name    Has SPF TXT record
Citibank        NO
eBay            NO
US Bank         NO
Paypal          NO
Fleet           NO
LLoyds          NO
Barclays        NO
AOL             YES
Halifax         NO
Westpac         NO
FirstUSA        NO
VISA            NO
Earthlink       YES
e-gold          NO
Bank One        NO
Bendigo         NO
HSBC            NO
MBNA            NO
Suntrust        NO
Verizon         NO
--
"there is no loyalty in the business, so we stay away from things that piss people off"
-The Boss, November 12, 2002

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
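
The check behind the table above (does a domain publish an SPF TXT record, and what does it tell a receiver to do with forged mail?), as an added example that is not part of either message. The domains under .example and their TXT data are constructed, and the record-selection rules are assumed to be those of RFC 7208, which postdates this thread.

```python
import re

# Constructed sample: TXT rdata as a resolver returns it. Each domain maps to a
# list of TXT records; each record is a list of character-strings.
SAMPLE_TXT = {
    "bank.example": [["site-verification=abc123"]],
    "isp.example": [["v=spf1 ip4:192.0.2.0/24 ", "include:_spf.isp.example -all"]],
    "soft.example": [["V=SPF1 mx ~all"]],
    "dup.example": [["v=spf1 -all"], ["v=spf1 mx -all"]],
    "lookalike.example": [["v=spf10 -all"]],
}

_ALL = re.compile(r"^([+\-~?]?)all$", re.IGNORECASE)
_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_records(txt_rrset):
    """Return the TXT records that count as SPF records."""
    found = []
    for strings in txt_rrset:
        # Strings of one TXT record are concatenated with no separator.
        record = "".join(strings)
        lowered = record.lower()
        # The version tag must be exactly "v=spf1", ended by a space or end of record.
        if lowered == "v=spf1" or lowered.startswith("v=spf1 "):
            found.append(record)
    return found


def classify(txt_rrset):
    """Return (has_spf, result for a sender that matches no earlier mechanism)."""
    records = spf_records(txt_rrset)
    if not records:
        return ("NO", "none")
    if len(records) > 1:
        # More than one SPF record is a publishing error; receivers cannot evaluate it.
        return ("YES", "permerror")
    for term in records[0].split()[1:]:
        match = _ALL.match(term)
        if match:
            # A missing qualifier defaults to "+".
            return ("YES", _QUALIFIER[match.group(1) or "+"])
    return ("YES", "no-all")  # record ends without an "all" mechanism


def survey(txt_by_domain):
    """Build the table rows: (domain, has_spf, verdict), sorted by domain."""
    return [(d,) + classify(rr) for d, rr in sorted(txt_by_domain.items())]
```

A YES in the "Has SPF" column protects against forgery only as far as the verdict goes: "fail" asks receivers to reject unlisted senders, while "softfail", "neutral" and "permerror" leave forged mail deliverable.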