A Weblog About Topics and Issues Discussed in the Book Spam Kings by Brian McWilliams

Main | October 2004 �

September 28, 2004

Phish poison

In the past week or two, I've received dozens of "phishing" emails (despite my ISP's use of the Spamhaus Block List to filter out spam). Most of the emails claim to be from Citibank.com, WellsFargo.com, or PayPal.com. I decided to check whether any banks or online financial institutions were using Sender Policy Framework (SPF), the new technology being proposed to solve email spoofing. I was surprised to learn that not a single major bank has published an SPF record. But, as I wrote in a new article for the O'Reilly Network, SPF Not Poisonous to Phish, banks may have a good reason for not climbing on the SPF bandwagon. In short, SPF doesn't really prevent phishing attacks.

Posted by Brian at 12:57 PM


Welcome to my blog. In a couple weeks, O'Reilly will publish Spam Kings, my book about spammers and the activists who are trying to drive them off the Internet. I plan to use this blog to post some extras for readers, such as audio files, photos, documents, links, etc., that I couldn't include in the paper book. Since I tend to keep a close eye on the spam scene, I'll regularly be adding entries about other happenings in spamland as well. (FYI, my personal homepage, which has links to article clips and contact info, is at brianmcwilliams.com.)

Posted by Brian at 12:55 PM

Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they express,
and O’Reilly Media, Inc., disclaims any and all liability for that content, its accuracy, and opinions it may contain.

All trademarks and registered trademarks appearing on spamkings.oreilly.com are the property of their respective owners.

O'Reilly Home | Privacy Policy

© 2004 O'Reilly Media, Inc.
For assistance with this site, email: