I have recently installed a new email server that handles my personal email accounts, as well as a couple of other domains (including this forum), and have been watching the logs quite carefully for the past week while checking and tweaking settings.
Our bank has a security check on our debit cards, such that if you use the card for any on-line purchase you need to supply a one-time security code that they send via text or email. We happened to have one card set up for email notifications, and on using it today, the email didn't arrive.
Checking the logs I found that our email server had in fact received an incoming connection from the company that does the security checks, but had rejected it because the forward and reverse DNS records for the (claimed) originating server do not match. In fact the PTR record for that server appears to be the default bulk record supplied by their ISP.
In the last week, there is not other record in our logs of incoming email from a server with mismatched DNS records.
A few questions are raised by this, like how many other clients never get their security code emails because their email system applies tight (but not abnormal) security?
and what level of quality control exists in an organisation that exists for security, but can't remember to correctly configure their own internet address?
Bank IT systems
Moderator: RichardW
- GiveMeABreak
- Forum Admin Team
- Posts: 37339
- Joined: 15 Sep 2015, 19:38
- Location: West Wales
- My Cars: C3 Aircross SUV HDi Flair Peperoncino Red (The Chili Hornet)
C5 X7 2.0 HDi Exclusive Mativoire Beige (The Golden Hornet)
C3 1.6 HDi Exclusive Aluminium Grey (The Silver Hornet)
C5 MK II 2.0 HDi Exclusive Obsidian Black
C5 MK I 2.0 HDi SX Wicked Red
Xantia S2 2.0 HDi SX Hermes Red
C15 Romahome White
XM 2.0 Turbo Prestige Emerald Green Pearlescent
XM 2.0 Turbo Prestige Polar White
XM 2.0 SX Polar White
CX 20 Polar White
GS 1220 Geranium Red
CX 2.4 Prestige C-Matic Nevada Beige
GS 1000 Cedreat Yellow - x 5723
Re: Bank IT systems
True - I tend to have any verification codes sent via phone as I believe there is less risk and it's very quick. There's always the possibility of some interception along the route with email - wherever the filters lie that could interfere. But very interesting nonetheless concerning their own systems!
Please Don't PM Me For Technical Help
Marc
Marc
- white exec
- Moderating Team
- Posts: 7445
- Joined: 21 Dec 2015, 12:46
- Location: Sayalonga, Malaga, Spain
- My Cars: 1996 XM 2.5TD Exclusive hatch RHD
1992 BX19D Millesime hatch LHD
previously 1989 BX19RD, 1998 ZX 1.9D auto, 2001 Xantia 1.8i auto
and lots of Rovers before that: 1935 Ten, 1947 Sixteen, 1960 P5 3-litre, 1966 P6 2000, 1972 P6 2000TC, and 1975 P6B 3500S - x 1752
Re: Bank IT systems
Our authentications codes come by phone too, from several banks, UK and Spanish. Usually arrive within seconds.
Chris
- xantia_v6
- Forum Admin Team
- Posts: 9084
- Joined: 09 Nov 2005, 22:03
- Location: France or NewZealand
- Lexia Available: Yes
- My Cars: -
1997 Citroen Xantia V6 (France)
1999 Citroen XM V6 ES9 (France)
2011 Peugeot 308 CC THP 155 (NZ)
1975 Jaguar XJ-S pre-HE (NZ) - x 834
Re: Bank IT systems
In an unrelated incident yesterday, British Airways yesterday sent me an email with a new PIN for an online account which I have no recollection of signing up for.
I know that I flew BA in 2002, and perhaps in 2005, but never since then, so I wonder why they still have my personal details.
Initially I thought it was a phishing email, but careful examination of the headers showed that it did come from a BA server (although one with incomplete security configuration).
I suspect that the sending of that email was triggered by the general panic at BA due to the security breach that was made public about 8 hours later.
I know that I flew BA in 2002, and perhaps in 2005, but never since then, so I wonder why they still have my personal details.
Initially I thought it was a phishing email, but careful examination of the headers showed that it did come from a BA server (although one with incomplete security configuration).
I suspect that the sending of that email was triggered by the general panic at BA due to the security breach that was made public about 8 hours later.