> http://amtrak.bfi0.com/.....
>Lesson for phishers: If you want your phish to seem more legit, outsource it >to Bigfoot Interactive, which seems to lead back to Epsilon Agency Services, >who specialise in... well, phishing, but for the good guys. I bet the Russian >Business Network could do it for less though :-). Having dealt at length with people from BFI/Epsilon, I can confirm that many of them are not the sharpest needles in the etui. This problem is well known in the ESP (bulk mail for hire) industry, and the better ones know how to deal with it. If you are on Orbitz' mailing list, for example, the mail comes from [EMAIL PROTECTED], and the links in the mail all go to http://my.orbitz.com/whatever. Do a few DNS lookups and you'll find NS records from Orbitz that delegate my.orbitz.com to Responsys, their ESP. This is a straightforward and effective way to manage the namespace for outsourced mail, and my biggest question is why so many ESPs don't do it yet. R's, John --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
