On Fri, Apr 16, 2004 at 08:14:20PM -0800, Jaap van Ganswijk enlightened us thusly
> At 2004-04-16 14:29, Robert Smith wrote:
> >Actually, "Microsoft [does send] emails about new versions of their
> >software". I am registered as an MCP at the Microsoft web site and
> >have actually opted in to receive notices of "important security
> >updates" for my W2K Pro OS.
> >
> >What Microsoft does NOT do is ever send updates as _email_
> >_attachments_ to update notices. Any such _attachments_ almost
> >certainly _are_ bogus and should be promptly deleted.
> >
> >Further, all such notices that I receive from Microsoft, are
> >authenticated by PGP signatures.
> >
> >Finally, being duly aware of the bogus hyperlink spoof, I _never_
> >follow links given in emails, even Microsoft authenticated emails,
> >but instead I exit Outlook Express and use my own separately
> >established links to the Microsoft update web site. These links have
> >been undisturbed for over two years of on-line updating and have been
> >proven valid by repeated testing and use.
> >
> >The actual email that led to this particular fiasco has, of course,
> >died with the rest of the contents of my H.D. However, I am sure
> >that I still have a copy of last month's notice of updates. I will
> >try to locate it and forward it to you as a separate email.
>
> Since you're obviously enough aware of the problems at hand, I'm sure
> your assessment of the situation is correct, so I don't really need to
> see the emails anymore.
>
> Have you reported the problem to Microsoft?
> Look for

has a 'whois' program. If I get some strange mail I can always run whois on the IP and see if it's the same domain as the From: line. Here's an example from some recent spam.

Header:
Received: from 151.182.152.3 by 205.251.187.60; Fri, 16 Apr 2004
FROM:

12:38:3genius:~$whois 151.182.152.3

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
StateProv:
PostalCode:
Country: NL

ReferralServer: whois://whois.ripe.net

NetRange: 151.182.0.0 - 151.183.255.255
CIDR: 151.182.0.0/15
NetName: RIPE-ERX-151-182-0-0
NetHandle: NET-151-182-0-0-1
Parent: NET-151-0-0-0-0
NetType: Early Registrations, Transferred to RIPE NCC
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2003-04-02
Updated: 2003-06-18

OrgTechHandle: RIPE-NCC-ARIN
OrgTechName: RIPE NCC Hostmaster
OrgTechPhone: +31 20 535 4444
OrgTechEmail: [EMAIL PROTECTED]

# ARIN WHOIS database, last updated 2004-04-16 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
12:38:3genius:~$

So, as you can see, it's a false IP. Further, I would have expected a domain in the 'Received:' header like this genuine one

Received: from ship.ie (manson.emmplus.ie [62.17.172.66])

--
With best Regards,

Declan Moriarty.
--
Author: Declan Moriarty
INET: [EMAIL PROTECTED]
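
The two checks described in the message above (is there a host name in the Received: header, and what does whois say about the address), as an added example that is not part of the original post. The header values and the whois excerpt are copied from the message; the function names are made up for the example, and a record carrying a ReferralServer line means the same query has to be repeated at that server to reach the actual assignee.

```python
import ipaddress
import re

# Header values and whois excerpt copied from the message above.
SPAM_RECEIVED = "from 151.182.152.3 by 205.251.187.60; Fri, 16 Apr 2004"
GENUINE_RECEIVED = "from ship.ie (manson.emmplus.ie [62.17.172.66])"
ARIN_WHOIS = """\
OrgName: RIPE Network Coordination Centre
ReferralServer: whois://whois.ripe.net
NetRange: 151.182.0.0 - 151.183.255.255
CIDR: 151.182.0.0/15
NetType: Early Registrations, Transferred to RIPE NCC
"""

# "from <helo> (<rdns> [<ip>])"; the parenthesised part is optional.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\))?")

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_received(value):
    """Split one Received: value into announced name, reverse DNS name and IP."""
    m = RECEIVED_RE.search(value)
    if m is None:
        return None
    hop = m.groupdict()
    if hop["ip"] is None and is_ip(hop["helo"]):
        hop["ip"] = hop["helo"]          # bare address, no host name recorded
    hop["bare_ip_only"] = hop["rdns"] is None and is_ip(hop["helo"])
    return hop

def whois_summary(ip, text):
    """Check that the record covers ip and whether it only points elsewhere."""
    fields = {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep and not line.startswith("#"):
            fields.setdefault(key.strip(), val.strip())
    net = ipaddress.ip_network(fields["CIDR"])
    return {"covers_ip": ipaddress.ip_address(ip) in net,
            "org": fields.get("OrgName"),
            "referral": fields.get("ReferralServer")}

if __name__ == "__main__":
    for value in (SPAM_RECEIVED, GENUINE_RECEIVED):
        print(parse_received(value))
    print(whois_summary("151.182.152.3", ARIN_WHOIS))
```

Only the Received: lines written by your own mail servers are reliable; lines below them are supplied by the sending side and can contain anything.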
