Re: communicating with them using ALL of their registered methods
"Who reads emails that purportedly come from the bank?"
There's another side to that - by sending out spam the banks are training their customers to respond to phishing emails.
Much as I'd like to suggest firing the guilty in the marketing departments (that's probably entire departments) there are ways in which things could be improved.
My own solution to the bank email problem is to have my own domain and use that to give the banks etc their own email aliases to address any emails to me. Unless some bank employee has my email address on his BYOD - which he shouldn't - and loses it then I can reasonably rely on any email that claims to come from my bank actually having done so*.
I appreciate that not everyone wants to run their own domain. A simpler solution would be that email hosters provide each customer with a subdomain within which the customer can set up their own aliases so instead of NatWest sending emails to fred.bloggs@example.com they send to nw.2016@fredbloggs.example.com or even better 55de6ff8-e541-11e5-b6b8-78acc0c6193c@fredbloggs.example.com.**
The other technical improvement would be to make PGP a core part of an extended SMTP so that if I get an email which purports to come from my bank it would be signed and my email provider's server would verify the signature with the bank's public key before accepting it.*** For good measure I might have a copy of the bank's expected key on my email client, just in case the email were to come from someone@my-bannk.com.
Today's email standards and practices are rapidly becoming inadequate and need to be improved.
*In fact, this may not be correct. I have had words with more than one financial institution about their having employed digital marketing companies spammers to send out valuable marketing communications spam. If that were to happen under my current system I'd then have to change the alias and complain bitterly about the hassle. The alias might well be changed by changing bank. Maybe fire the marketing departments just to be on the safe side.
**This does, of course, rely on email providers not having their database popped by teenage skiddies using exploits older than themselves. Come to that, so does my existing arrangement but I think that, unlike other internet companies I've left behind, they're prepared to keep their security up-to-date.
***The keys would either be served from the bank's email server or the bank's DNS records would include an alternative address. And, yes, I do know that PGP can be enabled on my email client today; do you know it's not a rhism of use without most other correspondents also using it? It needs to become universal to be of use and the only way for that to happen is for it to become adopted into the standard so that non-use can be deprecated.
Biting the hand that feeds IT
