[Asrg] where the message originated (was: DKIM role?) (SM)

Ian Eiloart iane at sussex.ac.uk
Tue Jan 20 03:55:02 PST 2009



--On 19 January 2009 16:02:19 -0800 SM <sm at resistor.net> wrote:

>
> At 13:55 19-01-2009, Rich Kulawiec wrote:
>> That's an excellent point.  In addition, I would prefer my bank to
>> (a) not outsource their mail, (b) not send mail marked up with HTML
>> (the phisher's best friend) and (c) not send mail which includes any
>> URLs in the text.
>
> The economy and specialization work in favor of (a) and marketing in
> favor of (b).

Yes, but legislation requiring banks to do sensible things here is 
feasible. At least, it is in the UK and probably elsewhere given their 
current reputation for incompetence.

Actually, it's not the outsourcing that's the problem. They just need to do 
that properly, with sensible return-paths and appropriate SPF records.

If banks were doing that properly, it would be easier for ESPs to detect 
phishing, then you could conceivably hold them responsible when they fail 
to do so.
-- 
Ian Eiloart
IT Services, University of Sussex
x3148
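
The setup the message describes (outsourced sending with a return-path under the bank's own domain and an SPF record that authorises the ESP), as an added example that is not part of the original post. The domains, addresses and records are constructed, and the evaluator handles only the `ip4`, `include` and `all` mechanisms of SPF.

```python
import ipaddress

# Constructed DNS TXT data: reserved .example names, documentation IP ranges.
ZONE = {
    # Return-path domain delegated to the ESP via include:
    "bounces.bank.example": "v=spf1 include:_spf.esp.example -all",
    "_spf.esp.example": "v=spf1 ip4:192.0.2.0/24 -all",
    # The bank's own domain lists only its in-house senders.
    "bank.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, depth=0):
    """Evaluate a subset of SPF (ip4, include, all) for a connecting IP."""
    record = ZONE.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # simplified guard against include loops
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "pass"
        if term[0] in QUALIFIERS:
            qual, term = QUALIFIERS[term[0]], term[1:]
        if term == "all":
            return qual
        if term.startswith("ip4:"):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return qual
        elif term.startswith("include:"):
            inner = check_spf(ip, term[8:], depth + 1)
            if inner == "pass":
                return qual
            if inner in ("none", "permerror"):
                return "permerror"
        else:
            return "permerror"  # mechanism outside this subset
    return "neutral"

def evaluate(ip, return_path):
    """SPF result for the envelope sender (return-path) of one message."""
    domain = return_path.strip("<>").rsplit("@", 1)[-1].lower()
    return check_spf(ip, domain)

if __name__ == "__main__":
    for ip, rp in [("192.0.2.25", "<b-1@bounces.bank.example>"),   # ESP, delegated
                   ("203.0.113.7", "<b-1@bounces.bank.example>"),  # unrelated host
                   ("192.0.2.25", "<news@bank.example>")]:         # ESP, no delegation
        print(ip, rp, evaluate(ip, rp))
```

The third case is the outsourcing done without a matching record: the ESP's own legitimate mail fails, which leaves receivers unable to tell it apart from forged mail.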

