Re: [exim] Anti Phishing Trick

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MMichael Johnson at <-
MAlan J. Flavell at ->
Delete this message
Reply to this message
Author: Marilyn Davis
Date:  
To: David Woodhouse
CC: exim-users, Nigel Metheringham
Subject: Re: [exim] Anti Phishing Trick
On Wed, 24 Aug 2005, David Woodhouse wrote:

> On Wed, 2005-08-24 at 09:37 -0700, Marilyn Davis wrote:
> > Another thought: it could be considered legitimate for a bank to
> > expect that the email address you list with them is a direct email
> > address. Certainly you change your snail mail address with them when
> > you move.
>
> $DEITY no. I don't have the wit or patience to remember to change my

Ha ha. $DIETY. I really like that.

> snail mail address with people when I move. I certainly wouldn't want to

Anyway, my suggestion only rejects failed-SPF messages when the
received address is in the To: header. So, forwarded phish goes right
through.

And, rethinking, even if you have 2 addresses with your bank, where
one forwards to the other, this also is not a problem. When your bank
sends legitimate mail to the 2 addresses, the one that is not
forwarded will pass SPF. The one that is forwarded will fail, since
it will seem to be not forwarded. But you'll get one message from the
bank, which is enough.

And with phish, you'll only get one of the messages, the forwarded one.

So, this is looking somewhat valuable to me, a little bit of baby in
the bathwater.

Thank you again.

Marilyn

> change my email address too -- one lifetime address which forwards to
> wherever I happen to be is what these people will be given.
>
>

--




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] no immediate delivery[exim] Re: no immediate delivery->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)