Re: Pastebin for spam examples

[Matt Kettler]

Kenneth Porter wrote:
> On Monday, March 30, 2009 10:15 PM +0200 KarstenBräckelmann
>  wrote:
>
>> There's a reason, pastebins (just like URL shortener services) are
>> implementing spam filtering and various other spam/bulk counter-
>> measures. That's because they have been abused by spammers.
>>
>> Creating a dump to put your spam is like an invitation to spammers, a
>> free pay-load hosting service to point URLs in spams to. That's exactly
>> what happened, and subsequently the services got listed on RBLs while
>> they have been abused.
>
> Hence a good reason to host by an anti-spam organization, with big red
> letters across the top saying THIS IS SPAM, DON'T BUY FROM THESE
> PEOPLE. With a little clever coding you could force random
> spam-clickers to click through a few pages of discouragement before
> getting to the posted file.
>
> Why would it be bad to add the site to a URIBL? This would be like a
> honeypot, and you could score a huge value for your own site created
> just for the purpose.
>
Well, if it was in URIBL/SURBL, you couldn't use it to post samples to
this mail list, which is kinda the purpose, isn't it?

This list is filtered by SA, because it runs through the same servers as
all the apache lists. A single URL that is listed in multiple URI
blacklists IS enough to kill the message, which is why using pastebin
became common practice here.

but if your proposed "spambin" can't be used when posting to the list,
because it's in all the URI blacklists, then it doesn't really serve any
purpose, does it?

Re: Pastebin for spam examples

[Kenneth Porter]

On Monday, March 30, 2009 10:15 PM +0200 KarstenBräckelmann 
 wrote:



There's a reason, pastebins (just like URL shortener services) are
implementing spam filtering and various other spam/bulk counter-
measures. That's because they have been abused by spammers.

Creating a dump to put your spam is like an invitation to spammers, a
free pay-load hosting service to point URLs in spams to. That's exactly
what happened, and subsequently the services got listed on RBLs while
they have been abused.


Hence a good reason to host by an anti-spam organization, with big red 
letters across the top saying THIS IS SPAM, DON'T BUY FROM THESE PEOPLE. 
With a little clever coding you could force random spam-clickers to click 
through a few pages of discouragement before getting to the posted file.


Why would it be bad to add the site to a URIBL? This would be like a 
honeypot, and you could score a huge value for your own site created just 
for the purpose.

Re: RFC's suck

[Kenneth Porter]

On Monday, March 30, 2009 2:13 PM -0600 LuKreme  wrote:


The changes (RFC2822) did not change enough.  What is really needed is
SoSMTP (Son of SMTP) defined for port 26.  It would be 8bit compatible
and would NOT be backward compatible with current SMTP.  It would not
have folding of headers lines and it would have exact standards on every
header (the precise format of every date, for example).  Any message that
failed to be to the standards would be rejected for transfer on port 26.
Of course, it would require a valid SASL chain on all servers from source
to destination.


Ah, yes: SMTP is 7-bit and line-oriented, and those contributed to the 
faults in RFC2822. Allowing 8-bit and unlimited line length would largely 
eliminate the encoding and wrapping issues that the video covers.


I don't know what SASL addresses. Does it somehow eliminate anonymity of 
the sending server?


Putting this on a distinct port seems more a marketing thing. Why not add 
it as a capability in a normal SMTP server?


Messages that advertise strict compliance and pass a validator could be 
given a suitable negative "reward" score by SA. (Probably a batch of meta 
scores that null out some normal rules that invalid messages would be 
subject to.)

Re: New kind of spam

[Jeff Mincy]

   From: Arvid Ephraim Picciani 
   Date: Wed, 25 Mar 2009 16:59:58 +0100
   
   http://codepad.org/W53onqK9
   
   i gave on this kind of spam.  its impossible to train bayes and changing 
   to fast to make custom rules. ...
   
What do you mean "its impossible to train bayes"?
Bayes really can be trained to deal with this message.
For example, I get BAYES_95:

  wget -O - -q http://codepad.org/W53onqK9/raw.txt | spamc | /bin/fgrep --text 
X-Spam-Bayes
  X-Spam-Bayes: bayes=0.9679, N=50(29-2+11), ham=(sort, doing), 
spam=(UD:spaces.live.com, UD:live.com, UD:entry, dawn, 
HX-Mozilla-Status2:)

After I learn this message the probability increases to BAYES_99

  % wget -O - -q http://codepad.org/W53onqK9/raw.txt | sa-learn --spam
  Learned tokens from 1 message(s) (1 message(s) examined)
  % sa-learn --sync
  % wget -O - -q http://codepad.org/W53onqK9/raw.txt | spamc | /bin/fgrep 
--text X-Spam-Bayes
  X-Spam-Bayes: bayes=1., N=50(47-2+29), ham=(sort, doing), 
spam=(UD:spaces.live.com, UD:live.com, UD:entry, dawn, 
HX-Mozilla-Status2:)

Note that Bayes has determined that UD:spaces.live.com is a spam sign.

The X-Spam-Bayes header is added with
  add_header all Bayes bayes=_BAYES_, 
N=_BAYESTC_(_BAYESTCLEARNED_-_BAYESTCHAMMY_+_BAYESTCSPAMMY_), 
ham=(_HAMMYTOKENS(5,short)_), spam=(_SPAMMYTOKENS(5,short)_)

-jeff

RE: update overkill (was: help lowering score on a specific emaillist situation)

[Karsten Bräckelmann]

On Sun, 2009-03-29 at 13:55 -0700, RobertH wrote:
> Previously, Karsten Bräckelmann wrote:

> > The most part of this discussion isn't specific to you, nor 
> > SA. It's a well-known, general problem when running update 
> > services. It isn't meant to be a decree either, it's partly 
> > my opinion, partly best-practices.
> > 
> > You shouldn't take it personally.
> 
> not taking it personally.  :-)

> I really believe the wiki should be modified and have more info in regards
> to making decisions. like not less than such and such hours and typically
> not more than such and such day.

Generally, I do agree. These docs could be enhanced. On the other hand
though, I don't like editing wikis. Anyone is free to update the wiki
docs based on the more in-depth answers vented on-list. Where I feel at
home, unlike a wiki. ;)


> i was *genuinely* thanking you for humbling my day.

Now I understand, I guess. Thanks, Robert.

  guenther


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

RE: sa-update: determining last run? Not in /var/lib/spamassassin

[Dennis G German]

 >  spamassassin --version
SpamAssassin version 3.2.4
  
 > ls -l /var/lib/spamassassin
 drwxr-xr-x 3 4096 Oct 16 18:27 compiled/3.002004 ...


The ONLY directory under /var/lib/spamassassin 
is
compiled 

and it does not contain any .cf files,
nor do any of the subdirectories

PS
Sorry for the previous poorly worded post as I was 
thrown after finding we are using an old version!

Re: Pastebin for spam examples

[Karsten Bräckelmann]

On Mon, 2009-03-30 at 17:24 -0400, Rob McEwen wrote:
> Karsten Bräckelmann wrote:

> > There's a reason, pastebins (just like URL shortener services) are
> > implementing spam filtering and various other spam/bulk counter-
> > measures. That's because they have been abused by spammers.

> It seems like a simple solution is to password protect the paste bin...

Another counter-measure. It /might/ work.

Regarding the original problem, I'm not convinced anyway that checking
some "headers" is the way to go, as stated as the reason. Why should a
pastebin care about Received headers or even know the concept? It should
check the content, information provided. Email headers and IP addresses
are worthless and just plain junk for displaying content.


> with a user name and password p in clear view. Pastebins don't make for
> a good presentation of spammers' content

Neither does bugzilla. Yet abuse by spammers isn't unheard of...

> since they only show the raw text.

And spammers don't use text/plain messages, showing raw text. Neither do
they assume a user would actually type in what barely looks like a URL.
Or send a password protected archive, to spread malware.  Right? ;)

Spammers will try. And users will fall for it.


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: sa-update: determining last run? Not in /var/lib/spamassassin

[Daniel J McDonald]

On Mon, 2009-03-30 at 14:23 -0400, RWS* wrote:
> >
> Thanks very much.
> Bad assumption (on my part too) !
>   >  spamassassin --version
>SpamAssassin version 3.2.4
> Gawk
> 
>  > ls -l /var/lib/spamassassin
> drwxr-xr-x 3 4096 Oct 16 18:27 compiled/3.002004 ...
> does not contain any .cf files!

Not /compiled/...


ls -l /var/lib/spamassassin/3.002004/updates_spamassassin_org.cf
head -1 /var/lib/spamassassin/3.002004/updates_spamassassin_org.cf
dig 4.2.3.updates.spamassassin.org txt +short
> 
> ls -l /var/lib/spamassassin/compiled/3.002004/
>  Mail/
>   auto/
>  76115 Oct 16 18:27 bases_body_0.pl
> 
> 
>  > dig 5.2.3.updates.spamassassin.org txt +short
>   "759778"
> 
> Any additional thoughts?
> 
> On Mar 30, 2009, at 13:16, McDonald, Dan wrote:
> > Asumming you are running 3.2.5, then:
> >
> > $ ls -l /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
> > will tell you the date it last updated the rules
> >
> > $ head -1 /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
> > will tell you the version last downloaded
> >
> > $ dig 5.2.3.updates.spamassassin.org txt +short
> > will tell you the current version available
> 
> > On Sun, 2009-03-29 at 17:41 -0400, Dennis G German wrote:
> >>
> >> Is there a way I can determine when sa-update was last run?
> PS ALL: Sorry for multiple postings originally.

Re: Pastebin for spam examples

[Rob McEwen]

Karsten Bräckelmann wrote:
> This won't work out. It's how it used to be...
>
> There's a reason, pastebins (just like URL shortener services) are
> implementing spam filtering and various other spam/bulk counter-
> measures. That's because they have been abused by spammers.
>
> Creating a dump to put your spam is like an invitation to spammers, a
> free pay-load hosting service to point URLs in spams to. That's exactly
> what happened, and subsequently the services got listed on RBLs while
> they have been abused.

It seems like a simple solution is to password protect the paste bin...
with a user name and password p in clear view. Pastebins don't make for
a good presentation of spammers' content since they only show the raw
text. So what are spammers after? The answer is simple---they want
links. A good paste bin ought to have meta tags telling the search
engines to not index the page. But spammers won't notice that and will
still try to post.

If the page is password protected (even with the password in plain
view), then it becomes obvious to all but the dumbest that the page is
off-limits to search engines. This is a good thing because such a paste
bin wouldn't be used as much by spammers, won't possibly convey "good
reputation" onto a spammer's web page, and will still be easily
accessible to those using it for legit purposes.

-- 
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032

Re: New kind of spam

[Martin Gregorie]

On Mon, 2009-03-30 at 19:26 +0200, Benny Pedersen wrote:
> On Wed, March 25, 2009 17:59, Arvid Ephraim Picciani wrote:
> > http://codepad.org/W53onqK9
> 
> > and changing to fast to make custom rules.
> 
> use rules that catch on non fqdn would be a pointer
> 
I have a rule I wrote a few months ago that catches this. It marks
anything with a live.spaces.com URI in the body that wasn't sent from
live.spaces.com as spam.

If you don't like people from other domains punting live.spaces.com
URLs, then write yourself a similar rule. As Benny says, this stuff is
quite easy to catch with a long lasting rule. Its all of five lines
including the description.


Martin

Re: Pastebin for spam examples

[Karsten Bräckelmann]

On Mon, 2009-03-30 at 10:24 -0700, Kenneth Porter wrote:
> 
> > pastebin said the headers tripped the spam filter so i have to post this
> > way...
> 
> I've seen this complaint before. Perhaps SA or one of the other anti-spam 
> websites could host a pastebin for spam examples, that explicitly does NOT 
> run a spam filter on submissions?

This won't work out. It's how it used to be...

There's a reason, pastebins (just like URL shortener services) are
implementing spam filtering and various other spam/bulk counter-
measures. That's because they have been abused by spammers.

Creating a dump to put your spam is like an invitation to spammers, a
free pay-load hosting service to point URLs in spams to. That's exactly
what happened, and subsequently the services got listed on RBLs while
they have been abused.


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: RFC's suck

[LuKreme]

On 30-Mar-2009, at 11:52, Rik wrote:
The MAIL RFC's were conceives a long time ago and have had some  
changes.


The changes (RFC2822) did not change enough.  What is really needed is  
SoSMTP (Son of SMTP) defined for port 26.  It would be 8bit compatible  
and would NOT be backward compatible with current SMTP.  It would not  
have folding of headers lines and it would have exact standards on  
every header (the precise format of every date, for example).  Any  
message that failed to be to the standards would be rejected for  
transfer on port 26. Of course, it would require a valid SASL chain on  
all servers from source to destination.


Mail MTAs like postfix would then be able to first try port 26, and  
then only if that fails to connect, would they 'fall back' to port 25.


Eventually as people saw that ALL the spam came in on port 25, they  
would be motivated to change over.



Sure - the mail system is not ideal - however, with no RFC's we would
end up with closed, stupid proprietary systems that don't talk.


I'm a big fan of RFCs, but the state of email right now is a massive  
problem, and the various RFCs are a large part of the reason.


--
I AM ZOMBOR! (kelly) ZOMBOR!

Re: Pastebin for spam examples

[LuKreme]

On 30-Mar-2009, at 11:24, Kenneth Porter wrote:
--On Saturday, March 28, 2009 3:32 PM -0700 RobertH > wrote:


pastebin said the headers tripped the spam filter so i have to post  
this

way...


I've seen this complaint before. Perhaps SA or one of the other anti- 
spam websites could host a pastebin for spam examples, that  
explicitly does NOT run a spam filter on submissions?


There's dozens of pastebins out there.

--
Technically, Aziraphale was a Principality, but people made jokes
about that these days

Re: RFC's suck

[Kenneth Porter]

--On Monday, March 30, 2009 7:52 PM +0100 Rik  
wrote:



The MAIL RFC's were conceives a long time ago and have had some changes.
Sure - the mail system is not ideal - however, with no RFC's we would
end up with closed, stupid proprietary systems that don't talk.

Microsoft Exchange is one reason why RFC's are important :-)


While standards are useful, broken standards only encourage the development 
of closed systems (like Exchange) that aren't beholden to the status quo 
and have more freedom to enforce internal consistency. (Whether that is 
done is impossible to tell from outside, of course. Another benefit of 
standards, unrealized in the mail case, is that one can tell by inspection 
if an instantiation of the standardized item complies.)


With some other RFCs and other standards, there are reference 
implementations that can be used to test the standard itself. For example, 
ISC has written reference implementations for DNS and DHCP. Open Office can 
be used as a reference implementation for its document formats. What's the 
reference implementation for email message formats? AFAIK there is none. 
(I'd guess sendmail could be used to test SMTP compliance?)

Re: sa-update: determining last run? Not in /var/lib/spamassassin

[RWS*]

Thanks very much.
Bad assumption (on my part too) !
 >  spamassassin --version
  SpamAssassin version 3.2.4
Gawk

> ls -l /var/lib/spamassassin
   drwxr-xr-x 3 4096 Oct 16 18:27 compiled/3.002004 ...
does not contain any .cf files!

ls -l /var/lib/spamassassin/compiled/3.002004/
Mail/
auto/
76115 Oct 16 18:27 bases_body_0.pl


> dig 5.2.3.updates.spamassassin.org txt +short
 "759778"

Any additional thoughts?

On Mar 30, 2009, at 13:16, McDonald, Dan wrote:

Asumming you are running 3.2.5, then:

$ ls -l /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
will tell you the date it last updated the rules

$ head -1 /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
will tell you the version last downloaded

$ dig 5.2.3.updates.spamassassin.org txt +short
will tell you the current version available



On Sun, 2009-03-29 at 17:41 -0400, Dennis G German wrote:


Is there a way I can determine when sa-update was last run?

PS ALL: Sorry for multiple postings originally.

Re: RFC's suck

[Rik]

On Mon, 2009-03-30 at 10:32 -0700, Kenneth Porter wrote:
> This video was recently posted to the MIMEDefang list, and illustrates how 
> bad the RFC's for mail format are. No wonder SA has such trouble deciding 
> what's spam and what's legitimate. NOTHING is legitimate, due to problems 
> with the standards. (And this doesn't even discuss SMTP, just the format of 
> the message.)
> 
> > As seen at YAPC::NA::2008, "Email Hates the Living":
> >
> > http://video.google.com/videoplay?docid=7054401183589794595
> >
> > It's a good overview of how broken the RFCs are, with an extra helping
> > of zombie humour on top.  Worth a look if you have an hour to spare,
> > though some of the slides are a bit blurry.
> 
> Conference presentation abstract, with contact info:
> 
> 
> 

The MAIL RFC's were conceives a long time ago and have had some changes.
Sure - the mail system is not ideal - however, with no RFC's we would
end up with closed, stupid proprietary systems that don't talk.

Microsoft Exchange is one reason why RFC's are important :-)

RFC's suck

[Kenneth Porter]

This video was recently posted to the MIMEDefang list, and illustrates how 
bad the RFC's for mail format are. No wonder SA has such trouble deciding 
what's spam and what's legitimate. NOTHING is legitimate, due to problems 
with the standards. (And this doesn't even discuss SMTP, just the format of 
the message.)



As seen at YAPC::NA::2008, "Email Hates the Living":

http://video.google.com/videoplay?docid=7054401183589794595

It's a good overview of how broken the RFCs are, with an extra helping
of zombie humour on top.  Worth a look if you have an hour to spare,
though some of the slides are a bit blurry.


Conference presentation abstract, with contact info:

Re:

[Benny Pedersen]

On Wed, March 25, 2009 02:45, jcput...@mail.centreweb.co.za wrote:
> Can spamassassin miss hits or rules if it is running on a slow
> machine?

no its just takes longer, but out of mem is problem

make sure you not using swap, then it should be ok

-- 
http://localhost/ 100% uptime and 100% mirrored :)

Re: New kind of spam

[Benny Pedersen]

On Wed, March 25, 2009 17:59, Arvid Ephraim Picciani wrote:
> http://codepad.org/W53onqK9

listed in ZEN, and helo with non fqdn helo

> i gave on this kind of spam. its impossible to train bayes

no its not

> and changing to fast to make custom rules.

use rules that catch on non fqdn would be a pointer

> matching senders doesnt work either

whitelist on senders that does not change, and blacklist the rest :)

AWL helps on that

> becouse those are sent using live.com, gmail, sourceforge, etc

ZEN.SPAMHAUS.ORG in exim is checked ?

-- 
http://localhost/ 100% uptime and 100% mirrored :)

Pastebin for spam examples

[Kenneth Porter]

--On Saturday, March 28, 2009 3:32 PM -0700 RobertH  
wrote:



pastebin said the headers tripped the spam filter so i have to post this
way...


I've seen this complaint before. Perhaps SA or one of the other anti-spam 
websites could host a pastebin for spam examples, that explicitly does NOT 
run a spam filter on submissions?

Re: sa-update: determining last run

[McDonald, Dan]

On Sun, 2009-03-29 at 17:41 -0400, Dennis G German wrote:
> 
> Is there a way I can determine when sa-update was last run?

Asumming you are running 3.2.5, then:

$ ls -l /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
will tell you the date it last updated the rules

$ head -1 /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
will tell you the version last downloaded

$ dig 5.2.3.updates.spamassassin.org txt +short
will tell you the current version available

-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com



signature.asc
Description: This is a digitally signed message part

Re: Looking for list of bank domains

[Joseph Brennan]

--On Monday, March 30, 2009 8:07 -0700 Marc Perkel  wrote:


Actually such a list might be a good idea. A list of sites people phish
for. The rule is as follows. If the from domain is on the list then that
domain has to also appear somewhere in the received lines or it's spam. I
think such a list would be useful.




Bad rule.

First, some banks send some of their mail via third-party mail companies.
This is covered by SPF in some cases.

Second, some banks have multiple domains and don't take care to match
the senders and hosts.  A choice example is citibank.com, citicards.com,
citigroup.com, citicorp.com.  Another is americanexpress.com, aexp.com.
I've seen others where banks merged but did not discontinue the fallen
flag domain, so you get mail from Bank A from servers still named after
totally different name Bank B.

You'd think banks and credit card companies would be extremely careful
about this stuff.  Ha ha ha.  They're not.

Joseph Brennan
Columbia University Information Technology

Re: Looking for list of bank domains

[Henrik K]

On Mon, Mar 30, 2009 at 07:40:50AM -0700, Marc Perkel wrote:
> I'd like to get a more complete list of banks or bank like institutions  
> and sites where hackers are trying to steal passwords to log into  
> people's accounts. Here's my small list. Like to get more. I might set  
> up an rbldns list of banks if this works out.

No comment on the goal, but people make these kind of lists for proxies.

For starters:

http://www.shallalist.de/categories.html
http://www.squidguard.org/blacklists.html

Re: spamassassin: Determining last sa-update

[Matus UHLAR - fantomas]

On 27.03.09 19:13, Dennis German wrote:
> I believe this is another cPanel issue.

then, post this to cpanel group, not here.

> Attempting to run sa-update displays:
>mkdir /etc/mail: Permission denied at /usr/bin/sa-update line 1226
> 
> How can I determine that last time sa-update was run?

sa-update should not modify rules in /etc/mail.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody

Re: Looking for list of bank domains

[Marc Perkel]

Matt Garretson wrote:

Marc Perkel wrote:
  

I'd like to get a more complete list of banks or bank like institutions
and sites where hackers are trying to steal passwords to log into
people's accounts. Here's my small list. Like to get more. I might set




What about webmail sites that people phish for?  And social 
networking sites?  And online stores?  And...


Trying to maintain a list of phishing targets will eventually 
converge with a list of all web sites.  :)


Why not just let bayes figure out which URLs appear most often 
in spam?  Maintaining a list by hand seems like a lot of effort.


-Matt

  


Actually such a list might be a good idea. A list of sites people phish 
for. The rule is as follows. If the from domain is on the list then that 
domain has to also appear somewhere in the received lines or it's spam. 
I think such a list would be useful.

Re: Looking for list of bank domains

[Matt Garretson]

Marc Perkel wrote:
> I'd like to get a more complete list of banks or bank like institutions
> and sites where hackers are trying to steal passwords to log into
> people's accounts. Here's my small list. Like to get more. I might set


What about webmail sites that people phish for?  And social 
networking sites?  And online stores?  And...

Trying to maintain a list of phishing targets will eventually 
converge with a list of all web sites.  :)

Why not just let bayes figure out which URLs appear most often 
in spam?  Maintaining a list by hand seems like a lot of effort.

-Matt

Looking for list of bank domains

[Marc Perkel]

I'd like to get a more complete list of banks or bank like institutions 
and sites where hackers are trying to steal passwords to log into 
people's accounts. Here's my small list. Like to get more. I might set 
up an rbldns list of banks if this works out.


2checkout.com
2co.com
abbey.com
abbey.co.uk
anz.com.au
aplfcu.org
banknorth.com
bankofoklahoma.com
bankofthewest.com
barclays.co.uk
bmm.com.au
boh.com
capitalone.com
careerbuilder.com
careercantre.com
centralbank.net
charterone.com
charteronebank.com
chase.com
chasebank.com
cibc.ca
citibank.com
citizensbank.com
clearmountainbank.com
csfcu.coop
cu.org
cuna.org
desjardins.com
downeysavings.com
e-gold.com
egg.com
eppicard.com
firstbanks.com
fleetbank.com
fnb.co.za
halifax-online.co.uk
hsbc.co.uk
hsbc.com
huntington.com
irs.gov
lasallebank.com
lcnb.com
lloydstsb.co.uk
matasano.com
maxfcu.com
mazuma.org
mbna.com
nafcu.org
natwest.co.uk
natwest.com
navyfcu.org
ncacu.org
nwolb.com
orangesavingsbank.com
paypal.com
pvfcu.org
raiffeisen.ro
rbc.com
rbcroyalbank.ca
rbcroyalbank.com
rbs.co.uk
regionsbank.com
royalbank.ca
royalbank.com
royalbankofcanada.com
southtrust.com
suntrust.com
suncoastfcu.org
suntrustbank.com
tcfbank.com
uboc.com
un.org
unionplanters.com
usbank.com
visa.com
wamu.com
wellsfargo.co.uk
wellsfargo.com

westernunion.com