Ned Slider a écrit :
> [snip]
> I
> would really like to see the creation of a tld along the lines of .bank,
> and make it like .gov or .edu (ac.uk) where only confirmed banks and
> financial institutions can register such domains.
my $devil{"advocate"}->mode = $status->enabled;
and after banks, operators/ISPs (.isp?). then next come amazon, ebay,
.... (what tld should we use here?). then come software and hardware
vendors (microsoft, cisco, ...), I guess a .vnd should do? then
consulting companies... etc. then at some point, we cover every organization
die $smiley->print;
> That combined with
> mandatory DKIM and/or spf would make it a lot easier to spot and stop
> the phishing but I think we are a long way from anything that
> coordinated actually happening.
>
> It's been said before on this list, but it doesn't help when banks have
> multiple domain names and often mix and match domains/URLs in the same
> email (goes to demonstrate their lack of understanding).
>
Is phishing really a problem for banks? I don't think so. Risk is their
job and they handle it in a way that always worked for them (push as
much losses to customers). As we say in .fr, "on ne change pas une
équipe qui gagne" (literally: "don't replace a winning team").
now, if every email user sends me 1 Euro, I'll open a bank and I promise
to setup DKIM, SPF and a whole lot of funny other things. and I'll make
it green, equitable, future-proof, crisis-resilient, here->map(%buz) ;-p
> In the meantime I'm left working on the basis that for the large part,
> banks simply don't send email to my clients so *any* email claiming to
> be from a bank is immediately highly suspicious and could probably be
> scored well on the way to being spam.
>
I personally use dedicated addresses for banks, amazon, ISPs, ... etc.
if they leak, I detect that (and I complain, disbale the address and
give them a new one). if they don't, their mail gets in. and all
forgeries to other addresses are caught.
