Is your bank protecting you?

With all of the recent conversations and articles about DMARC and Authentication I thought I would run a quick scan of the banking landscape in Canada. I took a quick look at the top 5 banks in Canada and the Bank of Canada, Canada’s central bank, added mainly because of a recent phishing warning message they posted this week. The test is only on the corporate domain for each brand as many of the banks have sub-domains sending emails, that may be separately authenticated via a service provider.

Canadian Banks:

Bank Domain SPF DKIM * DMARC
Bank of Montreal Yes No No
Bank of Nova Scotia Yes No p=none
Canadian Imperial Bank of Commerce Yes No No
Royal Bank of Canada Yes No No
Toronto-Dominion Bank No No No
Bank of Canada No No No

A quick review of the top 5 commercial banks in Canada and Canada’s central bank shows they could be doing a lot more to protect their brands and their consumers from Phishing and Fraud. In summary:

  • Four of the six banks are employing SPF for authentication
  • Only one of the banks is using DMARC and is currently in monitoring only mode
  • No visible indication of DKIM on the corporate domains for any of the banks

Sadly the main banks in Canada are failing when it comes to protecting their customers and their employees from fraud and phishing.

* DKIM test is only to see if the service may be in use, without samples and domain selectors it is not possible to tell if the domains properly DKIM sign emails.

Author: Matt V - @emailkarma

Author, CPO, Digital Marketing & Privacy Advocate, Gamer Founder of and

Share This Post On

Pin It on Pinterest

Share This
%d bloggers like this: