I agree, I'm not a application Security expert, but why can the banks issue a authentication Certificate, and only allow connections to those who are authenticated? Russell Sharpe rsharpe(a)paradise.net.nz Ph +64 4 9717665, +64 21 742 773 Fax +64 4 9717635, +64 21 342 776 -----Original Message----- From: Craig Whitmore [mailto:lennon(a)orcon.net.nz] Sent: Monday, 19 September 2005 17:52 To: Matthew Poole; nznog(a)list.waikato.ac.nz Subject: Re: [nznog] New phish - Westpac Banks should be proactive in these type of things. westpacs phish would of been stopped if they had SPF records. Quite a number of Banks in the States and other places have started to put SPF records in to stop this phishing (This is what SPF is used for (not Anti-Spam)) The IRD/SSC/Treasury (the 3 most important NZ government areas) have SPF records (and they use -all which is good). Before you reply. I've heard all the Anti-SPF abuse before. Yes it can break forwarding, but people shouldn't forward without your permission (and then you change your SPF records to allow this) Thanks Craig http://www.spam.co.nz/spf ----- Original Message ----- From: "Matthew Poole" <matt(a)p00le.net> To: <nznog(a)list.waikato.ac.nz> Sent: Monday, September 19, 2005 5:31 PM Subject: Re: [nznog] New phish - Westpac _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog