Hi !!
> Yes. Another point, however, is that, for your bank, you might want
> to give (just) them your unforwarded email address, or an address that
> forwards from a system does rely on SPF, ... or you'll get phish
> unless it is caught via some other mechanism. It's something to
> suggest to customers who get phish forwarded to them.
all of this requires a great effort, and at the end pishers could easly
pass through this systems. The real problem with pishing are dumb users,
they also will end giving their bank details when pishing comes from
senders outside the bank's domain or from domains similar to the bank's
domain (bbvanet.com -> bbvacom.net). At the end the users don't see the
envelope sender, they only see the To: header, and in turn every
misspelled variation of the real bank's domain could also be used on
the To: and many users will not realize of this.
--
Best regards ...
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david@???
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------