Re: [exim] Anti Phishing ACL

Pàgina inicial
Delete this message
Reply to this message
Autor: Ian Eiloart
Data:  
A: exim-users
Assumpte: Re: [exim] Anti Phishing ACL


--On 30 October 2008 12:05:53 +0000 neil <neil@???> wrote:

> I've been trying to stop these bank phishing mails. Rather than trying
> to get the banks to implement DK, DKIM or SPF so I can check against
> that, I have the snippet below.


That's useful. It's shocking that most of these banks haven't implemented
SPF. I guess that an SPF check before using your snippet might help. I've
checked to see which on your list do implement SPF - at
<http://www.kitterman.com/spf/validate.html>. Of course, none of this helps
if the phishers don't use these domains!

#abbey.co.uk
#abbeynational.co.uk
#abbey.com
alliance-leicester.co.uk
americanexpress.com
   v=spf1 include:aexp.com ~all
#barclays.com
barclays.co.uk
egg.com
halifax.co.uk
#hsbc.co.uk
    v=spf1 mx ip4:193.108.72.63 ip4:193.108.75.63 ~all
hsbc.com
        v=spf1 mx ip4:212.249.34.148 ip4:208.131.51.20 ip4:63.95.36.174
    ip4:204.178.86.20 ip4:203.112.80.9/20 ip4:193.108.72.63/21
    ip4:212.11.24.10/26 ip4:195.68.113.10/26 ip4:85.119.232.200 ~all


#lloydstsb.co.uk
lloydstsb.com
#natwest.com
    v=spf1 ip4:155.136.0.0/16 ip4:209.202.164.3 ip4:209.202.164.124
    ip4:209.202.164.125 ip4:209.202.164.127 ip4:209.202.164.128
    ip4:64.28.91.221 ip4:62.105.122.12 ip4:83.100.142.14 ip4:194.150.182.18
    ip4:194.150.182.25 -all


#natwest.co.uk
#nwolb.com
paypal.com
    v=spf1 mx include:spf-1.paypal.com include:p._spf.paypal.com
    include:p2._spf.paypal.com include:s._spf.ebay.com
    include:m._spf.ebay.com include:c._spf.ebay.com
    include:silverpop.paypal.com include:walkerinfo.paypal.com ~all
    spf2.0/pra mx include:s._sid.ebay.com include:m._sid.ebay.com
    include:p._sid.ebay.com include:c._sid.ebay.com
    include:spf-2._sid.paypal.com include:silverpop._sid.paypal.com
    include:walkerinfo._sid.paypal.com ~all


rbs.com
    v=spf1 ip4:155.136.0.0/16 -all
#rbs.co.uk
    v=spf1 ip4:155.136.0.0/16 -all
#rbsdigital.com
#rbsdigital.co.uk
#sainsburysonline.com
#ybonline.co.uk


And, my bank:
smile.co.uk
v=spf1 mx:cfs.co.uk include:foretelsystems.com -all

--
Ian Eiloart
IT Services, University of Sussex
x3148