Reply to post: Spear phishing e-mails?

Return of the audio format wars and other money-making scams

Twanky
Flame

Spear phishing e-mails?

Yeah, what we need is some software that will show us where the e-mail actually came from rather than the display name requested... Oh, hold on - that's too old fashioned...

Seriously: can we not agree to use SPF, DKIM, S/MIME (and even DMARC) etc to stop fake e-mails getting through? I get it that the FD (for example) doesn't feel the need to understand this sort of thing but Shirley the guys in charge of the tech can specify software that shows when a message fails these checks.

I get so many messages that apparently come out of UK local government or academic establishment domains and those domains have no or lax SPF and non-existent DKIM controls in place. Absolutely crap. If messages that failed SPF and/or DKIM were clearly labelled "not to be trusted" by Outlook or Thunderbird or whatever then maybe the domain administrators could be persuaded to help clean up their organisation's reputation. Alas, I fear the reaction would instead be to accept that the "not to be trusted" label is not to be trusted.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon