Internet Spam

eBay and banks need to implement SPF and Domain Keys

eBay and banks really need implement SPF, Sender Policy Framework and DomainKeys. There I said it.

I see quite a few Phishing attacks every day. And just about all of them aren’t caught by SpamAssassin. Technically they aren’t spam, so that does make sense. But what bothers me is that this is easy mitigate for many potential victims. If eBay and banks supported SPF and DomainKeys, it would be much easier for a filter to tell if the message is legitimate or not. Check out this sample SpamAssassin header from a eBay phishing email I received:

X-Spam-Level: **
X-Spam-Status: No, score=3.0 required=5.0 tests=BAYES_50,HTML_IMAGE_ONLY_28,
	MIME_HTML_ONLY autolearn=no version=3.1.0

That’s really not much in this otherwise pretty bad email. The IP of origin isn’t even in North America (it’s Pacific Rim).

Perhaps it’s time to start a campaign to urge institutions subject to having their name used in these attacks to start using a method like SPF and DomainKeys. A mail provider could then throw out emails that don’t match. Anyone know why they still don’t implement one or both of these methods?

It seems to me they could easily take a giant step to solve the problem. I know Google’s Gmail knows about SPF, and Yahoo knows about DomainKeys. That’s two major email providers right there.

2 replies on “eBay and banks need to implement SPF and Domain Keys”

I’ve had great success detecting Phishers via ClamAV [] While Phishing isn’t _really_ a virus, they are viral, and need to be treated as such. It’s detection is just getting better and better.

Other things I’ve done to fight this junk; Postgrey (greylisting daemon for Postfix), Dcc (distributed checksums), Razor2 all tied together with MailScanner.

Also, to help pollute Phisher’s databases, get a URL from a phishing email and go here:

And here’s my running commentary on the issue:


Leave a Reply

Your email address will not be published. Required fields are marked *