A Weblog About Topics and Issues Discussed in the Book Spam Kings by Brian McWilliams

« Welcome | Main | Update on USA vs Smathers et al. »

September 28, 2004

Phish poison

In the past week or two, I've received dozens of "phishing" emails (despite my ISP's use of the Spamhaus Block List to filter out spam). Most of the emails claim to be from Citibank.com, WellsFargo.com, or PayPal.com. I decided to check whether any banks or online financial institutions were using Sender Policy Framework (SPF), the new technology being proposed to solve email spoofing. I was surprised to learn that not a single major bank has published an SPF record. But, as I wrote in a new article for the O'Reilly Network, SPF Not Poisonous to Phish, banks may have a good reason for not climbing on the SPF bandwagon. In short, SPF doesn't really prevent phishing attacks.

Posted by brian at September 28, 2004 12:57 PM


Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they express,
and O’Reilly Media, Inc., disclaims any and all liability for that content, its accuracy, and opinions it may contain.

All trademarks and registered trademarks appearing on spamkings.oreilly.com are the property of their respective owners.

O'Reilly Home | Privacy Policy

© 2004 O'Reilly Media, Inc.
For assistance with this site, email: