Re: [sniffer]Possible Paypal Phishing

2006-05-24 Thread Colbeck, Andrew
Message- > From: Message Sniffer Community > [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) > Sent: Wednesday, May 24, 2006 9:45 AM > To: Message Sniffer Community > Subject: Re: [sniffer]Possible Paypal Phishing > > But how is PayPal's DNS involved in this as at what p

Re: [sniffer]Possible Paypal Phishing

2006-05-24 Thread John T (Lists)
gt; Sent: Wednesday, May 24, 2006 9:38 AM > To: Message Sniffer Community > Subject: Re: [sniffer]Possible Paypal Phishing > > It's really from PostDirect.com aka YesMail.com ... > > You can tell that it's authorized because the reverse DNS which ends in > PayPal.com (

Re: [sniffer]Possible Paypal Phishing

2006-05-24 Thread Colbeck, Andrew
> customer, they could easily set rDNS to whatever they wanted. > Aol.com, paypal.com, ebay.com, chase.com ... > > -Jay > -Original Message- > From: Message Sniffer Community > [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew > Sent: Wednesday, May

Re: [sniffer]Possible Paypal Phishing

2006-05-24 Thread Jim Matuska Jr.
o: Message Sniffer Community Subject: Re: [sniffer]Possible Paypal Phishing That is what has me worried. John T eServices For You "Seek, and ye shall find!" > -Original Message- > From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Jay > Sudowsk

Re: [sniffer]Possible Paypal Phishing

2006-05-24 Thread John T (Lists)
Message Sniffer Community > Subject: Re: [sniffer]Possible Paypal Phishing > > The owner of a domain need not authorize a reverse DNS PTR record in any > way, shape or form. If the netblock was owned, or the netblock owner > had delegated rDNS to a malicious customer, they could e

Re: [sniffer]Possible Paypal Phishing

2006-05-24 Thread Jay Sudowski - Handy Networks LLC
-Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Wednesday, May 24, 2006 12:38 PM To: Message Sniffer Community Subject: Re: [sniffer]Possible Paypal Phishing It's really from PostDirect.com aka YesMail.com ... You can tell that

Re: [sniffer]Possible Paypal Phishing

2006-05-24 Thread John T (Lists)
; > -Original Message- > > From: Message Sniffer Community > > [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) > > Sent: Wednesday, May 24, 2006 9:31 AM > > To: Message Sniffer Community > > Subject: [sniffer]Possible Paypal Phishing > > > >

Re: [sniffer]Possible Paypal Phishing

2006-05-24 Thread Colbeck, Andrew
Sent: Wednesday, May 24, 2006 9:31 AM > To: Message Sniffer Community > Subject: [sniffer]Possible Paypal Phishing > > Attached are the headers to an e-mail I am suspecting as a > clever phising that has me worried. > > It looks like a legit message sent on behalf of Paypal

[sniffer]Possible Paypal Phishing

2006-05-24 Thread John T (Lists)
Attached are the headers to an e-mail I am suspecting as a clever phising that has me worried. It looks like a legit message sent on behalf of Paypal, however, it is sent from an IP address not owned by Paypal BUT which has a REVDNS that ends in paypal.com. The message is full of links to images.