Message-
> From: Message Sniffer Community
> [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> Sent: Wednesday, May 24, 2006 9:45 AM
> To: Message Sniffer Community
> Subject: Re: [sniffer]Possible Paypal Phishing
>
> But how is PayPal's DNS involved in this as at what p
gt; Sent: Wednesday, May 24, 2006 9:38 AM
> To: Message Sniffer Community
> Subject: Re: [sniffer]Possible Paypal Phishing
>
> It's really from PostDirect.com aka YesMail.com ...
>
> You can tell that it's authorized because the reverse DNS which ends in
> PayPal.com (
> customer, they could easily set rDNS to whatever they wanted.
> Aol.com, paypal.com, ebay.com, chase.com ...
>
> -Jay
> -Original Message-
> From: Message Sniffer Community
> [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
> Sent: Wednesday, May
o: Message Sniffer Community
Subject: Re: [sniffer]Possible Paypal Phishing
That is what has me worried.
John T
eServices For You
"Seek, and ye shall find!"
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Jay
> Sudowsk
Message Sniffer Community
> Subject: Re: [sniffer]Possible Paypal Phishing
>
> The owner of a domain need not authorize a reverse DNS PTR record in any
> way, shape or form. If the netblock was owned, or the netblock owner
> had delegated rDNS to a malicious customer, they could e
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of Colbeck, Andrew
Sent: Wednesday, May 24, 2006 12:38 PM
To: Message Sniffer Community
Subject: Re: [sniffer]Possible Paypal Phishing
It's really from PostDirect.com aka YesMail.com ...
You can tell that
; > -Original Message-
> > From: Message Sniffer Community
> > [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > Sent: Wednesday, May 24, 2006 9:31 AM
> > To: Message Sniffer Community
> > Subject: [sniffer]Possible Paypal Phishing
> >
> >
Sent: Wednesday, May 24, 2006 9:31 AM
> To: Message Sniffer Community
> Subject: [sniffer]Possible Paypal Phishing
>
> Attached are the headers to an e-mail I am suspecting as a
> clever phising that has me worried.
>
> It looks like a legit message sent on behalf of Paypal
Attached are the headers to an e-mail I am suspecting as a clever phising
that has me worried.
It looks like a legit message sent on behalf of Paypal, however, it is sent
from an IP address not owned by Paypal BUT which has a REVDNS that ends in
paypal.com.
The message is full of links to images.