Why aren't Shaw bill notification emails sent using authentication and encryption?

rgsteele
Grasshopper

When I receive the email notification saying "Your Shaw bill is ready", Gmail indicates that the message is unencrypted and unauthenticated:

Screen Shot 2019-11-06 at 7.15.13 PM.png

Why isn't Shaw using encryption and authentication on these emails?

Labels (1)
3 Replies

I haven't heard of any issues with this. I don't receive...

shaw-tony
Moderator
Moderator

@rgsteele I haven't heard of any issues with this. I don't receive the same message through Hotmail or a Shaw email address.

0 Kudos
Reply
Loading...

Hi , These articles on the Gmail Help site explain what e...

rgsteele
Grasshopper

Hi @shaw-tony,

These articles on the Gmail Help site explain what encryption and authentication are:

Check the security of your emails - Gmail supports the industry-standard Opportunistic TLS encryption mechanism to protect users' messages from being read by unauthorized individuals while in transit. This only works when the sender also supports encryption however, and right now the system sending the e-bill notifications does not support encryption.

Check if your Gmail message is authenticated - Gmail indicates to the user if the sender of a message has not implemented DKIM or SPF to authenticate their messages. This helps make users aware of phishing attempts. However, when a legitimate sender like Shaw does not properly implement either of these protocols, then users are left guessing about whether the email is legitimate. Even worse, this conditions them to ignore these signals about potentially malicious content.

Here's a snippet from the headers of one of these messages which may help your security department address part of this issue:

Received-SPF: permerror (google.com: permanent error in processing during lookup of admin.vanisland@sjrb.ca: cbsprd.shaw.ca not found) client-ip=204.209.208.162;

 

0 Kudos
Reply
Loading...

thank you for the specific details, I'll certainly pass i...

shaw-tony
Moderator
Moderator

@rgsteele thank you for the specific details, I'll certainly pass it along to our security teams.

0 Kudos
Reply
Loading...
TALK TO US
We're here to help