Banks, ISPs and SPF records

Forums › IT Pro and developers › Banks, ISPs and SPF records

vrtual

28 posts

Geek

#107499 13-Aug-2012 12:10

I have a customer who regularly receives mail from banks. Important offers, mortgage rates, client information etc. Since moving the account that receives mail to Google Groups (received by multiple people in their organisation) the spam filtering is a lot tighter and mail from banks invariably gets marked as spam.

Based on the mail I have seen the banks are sending as "anz.com" etc via whatever ISP the branch is connected to and it's entirely possible they're also sending from home via their personal ISP.

Many don't have SPF records set up, and surely this is how they should be authorising their email - please correct me if I'm wrong. ASB does - they have a bunch of IP ranges and their salesforce account. BNZ, ANZ, National Bank - nope. Nothing.

Is SPF the right approach? Surely they should already be doing this right?

Any advice welcomed!

- John

richms

27873 posts

Uber Geek

Trusted

Lifetime subscriber

#671786 13-Aug-2012 13:01

Yes they should be doing it right.

Just keep replying with "Sorry, just found this in my spam folder" and eventually they will get it sorted.

IMO if SPF fails then servers would be better of rejecting the mail instead of silently binning it or putting it in a spam folder.

Richard rich.ms

Tradepub

Free professional, reference and technical white papers (affiliate link).

vrtual

28 posts

Geek

#671787 13-Aug-2012 13:05

Thanks Richard - Google Groups does bounce it back to the sender with a note along the lines of "does not meet criteria for bulk email sending" but all the sender does is complain to my client that their email address isn't working, then they phone me up and the argument continues.

It's hard to convince either party it's the bank's fault.

If I can collect some support here that the banks should be dealing with this, then I will certainly present it to them (for what it's worth!)

- j

JamesL

956 posts

Ultimate Geek
Inactive user

#671790 13-Aug-2012 13:08

ANZ use domainkeys instead of SPF

59.2.202.in-addr.arpa IN RRSIG
type covered: NSEC (47)
algorithm: RSA/SHA-1 (5)
labels: 5
original ttl: 172800 (2.00:00:00)
signature expiration: 2012-09-11 18:01:55Z
signature inception: 2012-08-12 17:01:55Z
key tag: 31428
signer's name: 202.in-addr.arpa
signature:
(1024 bits)

15708BCBE986F3D1FA653BB3667A981F
A07FBEF6069CAF26B4E60A657E875015
465E2F1AB0D90FDC6D68680BF7263B6E
A4980307B3C7F8B659A

vrtual

28 posts

Geek

#671794 13-Aug-2012 13:16

Good to know - so could it be the bank isn't extending their domain key identifiers to individual users who choose to email from home etc?

They should all be routing mail through a single authorised SMTP host though to get this though right?

So it's still the sender's problem is what I'm saying...

- j

Regs

4064 posts

Uber Geek

Trusted

Snowflake

#671800 13-Aug-2012 13:29

personally i think all this sort of information should be "pull" based, secured if necessary - not email based

Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs

Zeon

3912 posts

Uber Geek

Trusted

#671811 13-Aug-2012 13:43

Out of all organizations I would have hoped the banks would be better than this. Hell even small 2-man bands often have a better setup than this.

Speedtest 2019-10-14

trig42

5787 posts

Uber Geek

ID Verified

#671817 13-Aug-2012 13:51

As far as bank employees sending from home, I would not have though this would be an issue. They will not be using basic SMTP to send from their home connection. It will be using exchange (or similar) and authorised back the the exchange server, which is sitting in a data centre somewhere.

vrtual

28 posts

Geek

#671893 13-Aug-2012 17:11

I agree they should all be routed through a central secure server, but they're not. One example I have was just this guy claiming to be from a "prominent bank" routing email through Voyager ISP.

I'll get the people concerned to take it up with their IT department, who in all likelihood will scream that they're sending email through unsecured channels.

Thanks for all the input.

- John