September 28, 2004
In the past week or two, I've received dozens of "phishing" emails (despite my ISP's use of the Spamhaus Block List to filter out spam). Most of the emails claim to be from Citibank.com, WellsFargo.com, or PayPal.com. I decided to check whether any banks or online financial institutions were using Sender Policy Framework (SPF), the new technology being proposed to solve email spoofing. I was surprised to learn that not a single major bank has published an SPF record. But, as I wrote in a new article for the O'Reilly Network, SPF Not Poisonous to Phish, banks may have a good reason for not climbing on the SPF bandwagon. In short, SPF doesn't really prevent phishing attacks.
Posted by Brian at 12:57 PM
Welcome to my blog. In a couple weeks, O'Reilly will publish Spam Kings, my book about spammers and the activists who are trying to drive them off the Internet. I plan to use this blog to post some extras for readers, such as audio files, photos, documents, links, etc., that I couldn't include in the paper book. Since I tend to keep a close eye on the spam scene, I'll regularly be adding entries about other happenings in spamland as well. (FYI, my personal homepage, which has links to article clips and contact info, is at brianmcwilliams.com.)
Posted by Brian at 12:55 PM