: Wednesday, May 24, 2006 9:31 AM
To: Message Sniffer Community
Subject: [sniffer]Possible Paypal Phishing
Attached are the headers to an e-mail I am suspecting as a
clever phising that has me worried.
It looks like a legit message sent on behalf of Paypal,
however, it is sent from an IP
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of Colbeck, Andrew
Sent: Wednesday, May 24, 2006 12:38 PM
To: Message Sniffer Community
Subject: Re: [sniffer]Possible Paypal Phishing
It's really from PostDirect.com aka YesMail.com ...
You can tell that it's
: Re: [sniffer]Possible Paypal Phishing
The owner of a domain need not authorize a reverse DNS PTR record in any
way, shape or form. If the netblock was owned, or the netblock owner
had delegated rDNS to a malicious customer, they could easily set rDNS
to whatever they wanted. Aol.com
:38 AM
To: Message Sniffer Community
Subject: Re: [sniffer]Possible Paypal Phishing
It's really from PostDirect.com aka YesMail.com ...
You can tell that it's authorized because the reverse DNS which ends in
PayPal.com (ok, that does set off alarm bells when it's someone else's
netblock
: Message Sniffer Community
[mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
Sent: Wednesday, May 24, 2006 9:45 AM
To: Message Sniffer Community
Subject: Re: [sniffer]Possible Paypal Phishing
But how is PayPal's DNS involved in this as at what point are
the Paypal DNS servers queried
