Joseph Brennan said:

> Many banks also send mail from third-party servers. Bank of America sends from
> customercenter.com and par3.com. American Express sends from aexp.com (which is
> theirs) and cheetahmail.com. Some send from bigfoot. It's only personal bank
> account information-- why keep the data in-house? :-)
>
> I've noticed those citi mismatches too. Sometimes the PTR and A records are even
> confused as to which citi* domain the host is in.
> Anyway-- not finding the bank domain in a Received header is _not_ good enough to
> call it a phish. It would be nice if it were so. They _usually_ have good SPF
> records, but I've seen a major bank leave off their third-party mailer.

Actually, whether they like it or not, they are phishing themselves.

We should be marking ALL such behaviour as phishing and hope that the banks (etc) finally get a clue.

I certainly wouldn't trust my money with an outfit that was that clueless about security.

Cheers,

Phil

--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK