ietf-asrg
[Top] [All Lists]

Re: [Asrg] whitelisting links (was Re: misconception in SPF)

2012-12-11 10:00:45
On 11/12/2012 14:52, John Johnson wrote:
Michael Thomas wrote:

Anybody who thinks that using HTML or outsourcers are "worst
practices" is part of the problem, not part of the solution.
   I highly disagree.  A local bank just hired an outside firm to
   spam a "newsletter" to their customers in my area. It was quite
   difficult to tell if it was legitimate, as the bank had published
   SPF records, yet failed to provide the ip's of the outsourcers
   servers. And then used the banks domain name as the source.

   This should not be acceptable behavior, especially for a financial
   institution. It trains their customers to just accept anything
   and everything, they should be setting the bar, not lowering it.

+1

Banks can use outsourcing for their mail, that's fine, but they should seriously consider the implications. It's fairly obvious that most banks don't.

There are things that an email outsource & bank can do together to keep things secure - and OBVIOUSLY secure, but it's clear that neither most banks nor email newsletter companies actually understand email enough to be using it in this way.



-

Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg

<Prev in Thread] Current Thread [Next in Thread>