Is your bank protecting you?

With all of the recent conversations and articles about DMARC and authentication, I thought I would run a quick scan of the banking landscape in Canada. I took a quick look at the top 5 banks in Canada and the Bank of Canada, Canada’s central bank, which I added mainly because of a recent phishing warning message they posted this week. The test covers only the corporate domain for each brand, as many of the banks have sub-domains sending email that may be separately authenticated via a service provider.

Canadian Banks:

| Bank Domain | SPF | DKIM * | DMARC |
|---|---|---|---|
| Bank of Montreal | Yes | No | No |
| Bank of Nova Scotia | Yes | No | p=none |
| Canadian Imperial Bank of Commerce | Yes | No | No |
| Royal Bank of Canada | Yes | No | No |
| Toronto-Dominion Bank | No | No | No |
| Bank of Canada | No | No | No |

A quick review of the top 5 commercial banks in Canada and Canada’s central bank shows they could be doing a lot more to protect their brands and their consumers from phishing and fraud. In summary:

  • Four of the six banks are employing SPF for authentication
  • Only one of the banks is using DMARC, and it is currently in monitoring-only mode
  • No visible indication of DKIM on the corporate domains for any of the banks

Sadly, the main banks in Canada are failing when it comes to protecting their customers and their employees from fraud and phishing.

* The DKIM test only checks whether the service may be in use; without samples and domain selectors it is not possible to tell whether the domains properly DKIM-sign emails.
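One way to produce the SPF and DMARC columns of a table like the one above, as an added example that is not the code used for this scan. It assumes the TXT records have already been fetched for each domain and for its `_dmarc.` name; the domains and records are constructed samples, and DKIM is left out because it needs selectors, as the footnote says.

```python
# Added example: classify SPF and DMARC from TXT records already fetched from DNS.
# Every domain and record below is a constructed sample, not a real scan result.

def spf_status(txt_records):
    """Return 'Yes', 'No' or 'Invalid (multiple)' for a domain's TXT records."""
    spf = [r for r in txt_records
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not spf:
        return "No"
    # RFC 7208: more than one v=spf1 record is a permanent error, not "protected".
    return "Yes" if len(spf) == 1 else "Invalid (multiple)"

def dmarc_status(txt_records):
    """Return 'No', 'Invalid (...)' or 'p=<policy>' for TXT records at _dmarc.<domain>."""
    # The version tag must come first; whitespace around '=' is allowed.
    dmarc = [r for r in txt_records
             if "".join(r.split(";")[0].split()) == "v=DMARC1"]
    if not dmarc:
        return "No"
    if len(dmarc) > 1:
        return "Invalid (multiple)"
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip().lower()
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        return "Invalid (no valid p=)"
    return "p=" + policy  # p=none is monitoring only: nothing is blocked

def scan(zone):
    """zone maps DNS name -> list of TXT strings; returns {domain: (spf, dmarc)}."""
    domains = [n for n in zone if not n.startswith("_dmarc.")]
    return {d: (spf_status(zone[d]), dmarc_status(zone.get("_dmarc." + d, [])))
            for d in domains}

SAMPLE_ZONE = {  # constructed records on reserved .example names
    "bank-a.example": ["v=spf1 include:_spf.bank-a.example -all", "site-verification=abc"],
    "_dmarc.bank-a.example": ["v=DMARC1; p=none; rua=mailto:dmarc@bank-a.example"],
    "bank-b.example": ["v=spf1 mx -all", "v=spf1 ip4:192.0.2.0/24 ~all"],
    "bank-c.example": ["site-verification=xyz"],
    "_dmarc.bank-c.example": ["v=DMARC1; rua=mailto:dmarc@bank-c.example"],
}

if __name__ == "__main__":
    for domain, (spf, dmarc) in scan(SAMPLE_ZONE).items():
        print(f"{domain:16} SPF={spf:20} DMARC={dmarc}")
```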

Author: Matt V - @emailkarma

Matthew Vernhout is a digital messaging industry veteran and Certified International Privacy Professional (Canada) (CIPP/C) with nearly two decades of experience in email marketing. Matthew is 250ok’s Director of Privacy, and he is currently the Vice Chair of the eec, after serving for several years as the Chair of their Advocacy Subcommittee. Matthew was recognized as the 2019 eec thought-leader of the year.
