Authentication is about Identity, not Virtue


I just got some mail claiming to be from “Bank of America <>”.
It passes SPF:

Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=;;

It passes DKIM:

Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)

The visible RFC 822 From address is strictly aligned with both the SPF domain and the DKIM domain. So if they’d published a DMARC record it would have passed DMARC.
The message branding is good, and looks like Bank of America (unsurprisingly, as it’s loading assets from, which is Bank of America). The only visible giveaway is that it includes an attached Word file, one which will presumably try to install malware on my machine if I load it with Word.
The perfectly passing authentication tells me it’s from There’s nothing that tells me that isn’t Bank of America, and isn’t someone I should trust.
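To make the distinction concrete, here is an added example (not from the original post) that reads the same headers and reports the authenticated identity separately from whether that identity matches the brand in the display name. The message, every `.example` domain, and the `KNOWN_BRANDS` map are constructed assumptions; the brand map is the extra information that SPF, DKIM and DMARC never supply.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain is a reserved .example placeholder.
SAMPLE = """\
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.0.2.10; envelope-from=<alerts@bankofexample-secure.example>
Authentication-Results: mx.recipient.example (amavisd-new); dkim=pass (1024-bit key) header.d=bankofexample-secure.example
From: "Bank of Example" <alerts@bankofexample-secure.example>
Subject: Your statement

See the attached document.
"""

# Assumption: a locally maintained map of brand display names to the domains they really send from.
KNOWN_BRANDS = {"bank of example": {"bankofexample.example"}}

def assess(raw, brands=KNOWN_BRANDS):
    """Separate 'who sent this' (authentication) from 'is that who it claims to be'."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()

    # SPF identity: the envelope sender domain, counted only on a pass result.
    spf = msg.get("Received-SPF", "")
    m = re.search(r'envelope-from="?<?[^@\s;>]*@([^>\s;"]+)', spf)
    spf_domain = m.group(1).lower() if m and spf.lower().startswith("pass") else None

    # DKIM identity: the signing domain (header.d) of a passing signature.
    ar = msg.get("Authentication-Results", "")
    m = re.search(r"dkim=pass\b[^;]*?header\.d=([^\s;]+)", ar, re.I)
    dkim_domain = m.group(1).lower() if m else None

    # Strict alignment: the visible From domain equals an authenticated domain.
    aligned = bool(from_domain) and from_domain in (spf_domain, dkim_domain)
    expected = brands.get(display.strip().lower())
    if not aligned:
        verdict = "unauthenticated"
    elif expected is None:
        verdict = "authenticated, unknown sender"
    elif from_domain in expected:
        verdict = "authenticated, expected domain"
    else:
        verdict = "authenticated, brand mismatch"
    return {"from_domain": from_domain, "spf": spf_domain,
            "dkim": dkim_domain, "verdict": verdict}

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The sample passes every authentication check and still ends up as a brand mismatch, because the only thing that was proven is which domain sent it.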


  • Ingenious.
    As I often say, if these guys would apply themselves to good rather than evil, they could accomplish *anything.*

  • Yeah it’s a mess. Until there’s some effective international law enforcement the Internet is going to be one scary place to do business.
    Also, the fact that it’s 2017 and just opening a Word document can take over your computer is just sad. GJ Microsoft.

By steve
