a consumer sounding board:

Spammers, Phishers, and Thieves – Oh My!

It is bad enough that Bank of America has been taking billions of dollars from the taxpayers.  But through their technical ineptness, they are permitting spammers, phishers, and thieves to take even more money from Americans.

You might ask how this can be.  After all, how could they be technically challenged – they run a huge on-line banking empire (paid for with our dollars no doubt).

They openly permit spammers, phishers, and thieves to steal their identity and send mail pretending to be from the bank.  These messages lead the user to a spoofed web site that pretends to be the bank – and there they get the “mark” to type in their user name and password.  Once the bad guys have that information, they can clean out the victim's bank accounts – causing more losses for the bank, which we all end up paying for.

bankofamerica.com uses a “sender id” tool called SPF – Sender Policy Framework.  It is a simple protocol where the bank publishes the addresses of the servers that are allowed to send mail as being from “@bankofamerica.com.”   It is very simple and every ISP in the world is able to see it.

This makes it easy for companies like mine that perform the service of checking mail for viruses/spam/phish/etc.  After all, if you know the only places mail could come FROM, then you can check each message and refuse it if it comes from anywhere else.

But the tech wizards at bankofamerica.com must have been in the bottom half of their class or they are all on the payroll of the spammers, phishers, and thieves.

They set up their SPF record all right, and it tells us exactly where mail should come from when it claims to be from bankofamerica.com – good so far!  Then they expressly instruct companies like mine to ignore that by ending the record with “~all”, which instructs us to “soft fail” the e-mail.  A soft fail says the sending server is “NOT being allowed to send but is in transition” and that we should “accept but mark.”

They are telling us to go ahead and accept the mail from any spammer, phisher, or thief that chooses to impersonate them – that they JUST DON’T CARE.

Thank you Bank of America – can I have another for the people that are footing the bill for your bailout!

There really ought to be a law that clearly says ANY institution that uses EMAIL or has an ONLINE presence and handles ANY sort of confidential information MUST use a proper SENDER ID technology to help stop the spammers, phishers, and thieves.

—for those who would like the details —

———-Headers on the above referenced mail———
Return-Path: <message@bankofamerica.com>
X-Original-To: snipped@snipped.net
Delivered-To: snipped@snipped.net
Received: from snipped (unknown [snipped])
by snipped (Postfix) with ESMTP id 68A5D1C6120
for <snipped@snipped; Thu,  8 Oct 2009 14:19:03 -0400 (EDT)
Received: from snipped ([snipped])
by snipped with esmtp ()
id 1MvxZr-0005Wr-00
for snipped@snipped; Thu, 08 Oct 2009 14:18:59 -0400
Received: from ip67-88-159-227.z159-88-67.customer.algx.net ([67.88.159.227]:42029 helo=SOILTECH-FS1.soiltech.local)
by snipped with esmtp (Exim 4.63)
(envelope-from <message@bankofamerica.com>)
id 1MvxZo-0001qd-La
for snipped@snipped; Thu, 08 Oct 2009 14:19:04 -0400
Received: from bankofamerica.com ([66.58.232.199]) by SOILTECH-FS1.soiltech.local with Microsoft SMTPSVC(6.0.3790.3959);
Thu, 8 Oct 2009 11:18:23 -0700
From: Bank of America <message@bankofamerica.com>
To: snipped@snipped
Subject:  Account Information
Date: 08 Oct 2009 10:18:24 -0800
Message-ID: <20091008101824.ED2BC8B2B7611025@bankofamerica.com>

——————

—-the content of the phish mail ———–

Bank of America

Dear Bank of America user,
You have 1 new ALERT message
Please login to your Bank of America Online
and visit the Message Center section in order to read the message.

To Login, please click the link below:

Go To Bank of America Online

Bank of America, N.A. Member FDIC. Equal Housing Lender
© 2009 Bank of America Corporation. All rights reserved.

————————–
—SPF record (from www.dnsstuff.com – note the ~all at the end)——–
You have an SPF record. This is very good, as it will help prevent spammers from abusing your domain. Your SPF record (I don’t check to see if it is well designed!) is:

“v=spf1 include:_sfspf.bankofamerica.com include:_txspf.bankofamerica.com include:_vaspf.bankofamerica.com include:_cfcspf.bankofamerica.com ~all”

—————————–

—-Open SPF – definitions —–
http://www.openspf.org/SPF_Record_Syntax

SoftFail: The SPF record has designated the host as NOT being allowed to send but is in transition. Action: accept but mark

———————————
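
The difference between the published “~all” and a strict “-all”, as an added example that is not part of the original post and not Bank of America's or any mail filter's own code. It evaluates the record quoted above against the relay IP from the headers (67.88.159.227); the contents of the four include: targets are not on this page, so they are constructed from documentation address ranges, and the names check_host, verdict, TXT and STRICT are assumptions. Only the ip4, include and all mechanisms are handled.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups so the example runs offline.
# The top-level record is the one quoted on this page. The include: targets'
# contents are NOT on the page; they are made up from documentation ranges.
TXT = {
    "bankofamerica.com": "v=spf1 include:_sfspf.bankofamerica.com "
                         "include:_txspf.bankofamerica.com "
                         "include:_vaspf.bankofamerica.com "
                         "include:_cfcspf.bankofamerica.com ~all",
    "_sfspf.bankofamerica.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "_txspf.bankofamerica.com": "v=spf1 ip4:198.51.100.0/24 -all",
    "_vaspf.bankofamerica.com": "v=spf1 ip4:203.0.113.0/25 -all",
    "_cfcspf.bankofamerica.com": "v=spf1 ip4:203.0.113.128/25 -all",
}
# Same data with the one change the post argues for: ~all becomes -all.
STRICT = dict(TXT)
STRICT["bankofamerica.com"] = TXT["bankofamerica.com"].replace("~all", "-all")

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# "accept but mark" is the softfail wording quoted above; the other actions
# are assumed typical receiver handling.
ACTION = {"pass": "accept", "fail": "reject", "softfail": "accept but mark",
          "neutral": "accept", "none": "accept"}

def check_host(ip, domain, txt, depth=0):
    """Evaluate ip against domain's SPF record (ip4, include, all only)."""
    record = txt.get(domain, "")
    if not record.startswith("v=spf1") or depth > 10:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        result = QUALIFIER.get(term[0], "pass")   # no qualifier means "+"
        mech = term[1:] if term[0] in QUALIFIER else term
        name, _, arg = mech.partition(":")
        if name == "all":
            return result
        if name == "ip4" and addr in ipaddress.ip_network(arg):
            return result
        # include matches only when the included record itself says "pass"
        if name == "include" and check_host(ip, arg, txt, depth + 1) == "pass":
            return result
    return "neutral"                              # nothing matched

def verdict(ip, txt, domain="bankofamerica.com"):
    """Return (SPF result, receiver action) for mail claiming this domain."""
    result = check_host(ip, domain, txt)
    return result, ACTION[result]
```

Calling verdict("67.88.159.227", TXT) and verdict("67.88.159.227", STRICT) shows the same unauthorized relay being marked under the published record and refused under the strict one.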
