-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <[EMAIL PROTECTED]>, Marc Perkel <[EMAIL PROTECTED]> writes

>Here's an anti phishing trick I came up with. The idea is that major
>corps will have received lines that match the domain in the from
>address.

as others have observed this is a hard assertion to test

for a counter-example, "frequent flyer" emails from KLM and Air France
(and probably other airlines as well) [and frequent flyer accounts are
just like money in many ways] come from "edt02.net" (who appear to be a
French mass mailing company).

Also, in the UK, several of the "online banks" seem to send at least
some of their email through servers which are not branded as their own
(no hard examples to hand, sorry).

So although extensive research (testing doesn't seem quite the word for
the process that is required) may ensure that your technique is
appropriate for your list of domains, there are limits as to how far you
can extend it.

>Paypal email must come from paypal servers. This is driven from
>a list of institutions to test. Feedback appreciated.

others have already commented upon the relationship of your scheme with
SPF... as we all know a big problem with SPF is forwarded email; at
least your scheme will not reject a genuine Wells Fargo email that has
been forwarded to one of your users since it parses ALL the Received
lines (instead of looking at just the source)

However, that's a teensy little flaw in your scheme, since if the
phisher preloads a Received: header line with the name of the bank in
it, then your system will flag it as valid :(

Of course, phishers would never bother to adapt to their environment, so
that's all right...

># Verify large institutions to prevent phishing - paypal - ebay - banks

I'd suggest recasting the comment to be less dogmatic (and also suggest
that this sort of heuristic is more appropriate to often-updated systems
with many shades of grey (such as SpamAssassin) rather than a yes/no
decision in the MTA).

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBQwwsvpoAxkTY1oPiEQIvdwCfZsXLmKsnQaWz5OnJjk2cOnsfc7AAnjIU
LVQObSt8BGHVSA79c1ECKGm2
=nEkK
-----END PGP SIGNATURE-----

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
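
The Received-line weakness raised in the message above, as an added example that is not part of the original post and is not Exim configuration: it compares a check over all Received lines with one that trusts only the line stamped at the receiving MTA. The host names, the institution list, the sample messages and the assumption that the first token after "from" is a host name the MTA verified are all constructed for illustration.

```python
# Added example; hosts, messages and the institution list are constructed.
import re
from email import message_from_string
from email.utils import parseaddr

PROTECTED = {"paypal.com"}   # hypothetical "list of institutions to test"

def from_domain(msg):
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def relay_host(received):
    """Host in the 'from' clause of one Received: header ('' if absent)."""
    m = re.match(r"\s*from\s+(\S+)", received, re.I)
    return m.group(1).lower() if m else ""

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def any_hop_check(msg):
    """Scheme as discussed: pass if ANY Received line names the From domain."""
    dom = from_domain(msg)
    if dom not in PROTECTED:
        return None                       # not a listed institution
    return any(in_domain(relay_host(r), dom) for r in msg.get_all("Received", []))

def boundary_check(msg):
    """Trust only the topmost Received line, stamped by our own MTA."""
    dom = from_domain(msg)
    if dom not in PROTECTED:
        return None
    hops = msg.get_all("Received", [])
    return bool(hops) and in_domain(relay_host(hops[0]), dom)

def build(hops):
    """Constructed message; hops are (from_host, by_host), newest first."""
    hdrs = "".join(f"Received: from {f} by {b}\n" for f, b in hops)
    return message_from_string(hdrs + "From: service@paypal.com\n\nbody\n")

GENUINE = build([("mail.paypal.com", "mx.example.org")])
FORGED = build([("dsl-7.isp.example", "mx.example.org"),
                ("mail.paypal.com", "relay.isp.example")])   # preloaded line
FORWARDED = build([("fwd.example.net", "mx.example.org"),
                   ("mail.paypal.com", "fwd.example.net")])

if __name__ == "__main__":
    for name, m in [("genuine", GENUINE), ("forged", FORGED), ("forwarded", FORWARDED)]:
        print(f"{name:9} any-hop={any_hop_check(m)} boundary={boundary_check(m)}")
```

The boundary check stops accepting the preloaded header but also fails the forwarded genuine message, which is the forwarding trade-off the message attributes to SPF.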
