Making it easy for the phisher king

Have just sent an email to my ISP (the offending marketing email it refers to has been omited from this post):

Dear Sirs

I have just received this email from kadence.com, a market research company claiming to be acting on your behalf.

I suspect it is genuine, but given that phishing is such a huge problem, companies like yourself are not making it any easier by running services like this. In doing so, you normalise the idea that a survey for domain X might come from a completely unrelated domain Y, and thus make it easier for phishers to fake such relationships.

Aside from this, the email is atrociously formatted – no doubt a result from having been laid out as HTML, with no-one actually looking at the text/plain component this produces. This makes it look even more like a fake!

As a leading ISP, I expect more of you, and would ask you to address these issues in future. While I appreciate that you may wish to use external market research companies, it should not be difficult for you to offer them email addresses and webspace to work with, within your own domain. Expecting your customers to work out whether an email is genuine is unfair on them, and leaves them (and yourselves) open to fraud.

One Comment

Leave a Reply