10 April 2013 18:23:00 AEST

Banks could save you from spam with SPF records

 

A screenshot of one of the malware-laced emails.

If you own an email address, chances are you’ve encountered some degree of spam.

Most of the time it’s simply a matter of ignoring or deleting the email, but recent malware attacks on Westpac users have people questioning the safety of their inboxes.

It’s very easy for spammers to exploit the standard internet protocol for sending emails simply by using a fraudulent address. Often spammers will send what are known as phishing emails to give the impression that the email is from a known organisation, such as a bank, in order to obtain private information.

Ironically, though this technique can prove to be very dangerous, it’s also one of the easiest to prevent. It’s as simple as setting up a Sender Policy Framework (SPF), which creates what’s known as an SPF record. When an email is received, the user can check those records (prior to opening it) to validate the domain before they expose themselves to potentially harmful viruses.

So why don’t any of the major banks have a better spam-filtering system in place?

It would be all too easy for a bank to publish SPF records, enabling users to check who is sending them mail. This would prevent much of the damage associated with phishing emails and save their customer support team a lot of headaches.

One thing’s for sure: the more common these attacks become, the more customers will call for banks to publish SPF records.