Author: Marilyn Davis
Date:
To: David Woodhouse
CC: exim-users, Nigel Metheringham
Subject: Re: [exim] Anti Phishing Trick

On Wed, 24 Aug 2005, David Woodhouse wrote:
> On Wed, 2005-08-24 at 09:37 -0700, Marilyn Davis wrote:
> > Another thought: it could be considered legitimate for a bank to
> > expect that the email address you list with them is a direct email
> > address. Certainly you change your snail mail address with them when
> > you move.
>
> $DEITY no. I don't have the wit or patience to remember to change my
Ha ha. $DEITY. I really like that.
> snail mail address with people when I move. I certainly wouldn't want to
Anyway, my suggestion only rejects failed-SPF messages when the
received address is in the To: header. So, forwarded phish goes right
through.

And, rethinking, even if you have 2 addresses with your bank, where
one forwards to the other, this also is not a problem. When your bank
sends legitimate mail to the 2 addresses, the one that is not
forwarded will pass SPF. The one that is forwarded will fail, since
it will seem to be not forwarded. But you'll get one message from the
bank, which is enough.

And with phish, you'll only get one of the messages, the forwarded one.

So, this is looking somewhat valuable to me, a little bit of baby in
the bathwater.

Thank you again.

Marilyn

> change my email address too -- one lifetime address which forwards to
> wherever I happen to be is what these people will be given.
>
>
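
The rule described in the message above, worked through for the cases it mentions, as an added sketch that is not part of the original post and is not Exim configuration. The function names, the example.* addresses and the SPF verdict passed in as a string are assumptions; the messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

def to_header_addresses(raw_message):
    """Return the lower-cased addresses listed in the To: header(s)."""
    msg = message_from_string(raw_message)
    pairs = getaddresses(msg.get_all("To", []))
    return {addr.strip().lower() for _, addr in pairs if addr}

def decide(spf_result, envelope_rcpt, raw_message):
    """Reject only when SPF failed AND the receiving address is in To:.

    spf_result is the verdict the MTA already computed for the connecting
    host ("pass", "fail", "none", ...); this sketch does no DNS lookups.
    """
    if spf_result != "fail":
        return "accept"
    if envelope_rcpt.strip().lower() in to_header_addresses(raw_message):
        return "reject"   # looks like direct delivery, yet SPF failed
    return "accept"       # address not in To:, so treated as forwarded

# Constructed sample messages (example.* names are placeholders).
BANK_TWO_ADDRS = (
    "From: Bank <notices@bank.example>\n"
    "To: me@lifetime.example, Me <me@home.example>\n"
    "Subject: statement\n\nbody\n"
)
PHISH_TO_LIFETIME = (
    "From: Bank <notices@bank.example>\n"
    "To: me@lifetime.example\n"
    "Subject: verify your account\n\nbody\n"
)

def scenarios():
    """Verdicts as seen by the final mailbox host for me@home.example."""
    return {
        # bank's own server delivers straight to home: SPF passes
        "bank_direct": decide("pass", "me@home.example", BANK_TWO_ADDRS),
        # same mail relayed via lifetime.example: SPF fails, home is in To:
        "bank_forwarded_copy": decide("fail", "me@home.example", BANK_TWO_ADDRS),
        # phish sent to the forwarding address, relayed on to home
        "phish_forwarded": decide("fail", "me@home.example", PHISH_TO_LIFETIME),
        # phish sent straight to home with home in To:
        "phish_direct": decide("fail", "me@home.example",
                               PHISH_TO_LIFETIME.replace("lifetime", "home")),
    }
```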