But how is PayPal's DNS involved in this, and at what point are the PayPal DNS servers queried?

John T
eServices For You

"Seek, and ye shall find!"

> -----Original Message-----
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of
> Colbeck, Andrew
> Sent: Wednesday, May 24, 2006 9:38 AM
> To: Message Sniffer Community
> Subject: Re: [sniffer]Possible Paypal Phishing
>
> It's really from PostDirect.com aka YesMail.com ...
>
> You can tell that it's authorized because the reverse DNS which ends in
> PayPal.com (ok, that does set off alarm bells when it's someone else's
> netblock) matches the forward lookup of the resulting address at PayPal.
>
> Therefore, PayPal is deliberately allowing that reverse IP in someone
> else's netblock.
>
> That, or both the netblock and PayPal's DNS have been p0wned.
>
> Andrew 8)
>
> > -----Original Message-----
> > From: Message Sniffer Community
> > [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > Sent: Wednesday, May 24, 2006 9:31 AM
> > To: Message Sniffer Community
> > Subject: [sniffer]Possible Paypal Phishing
> >
> > Attached are the headers to an e-mail I am suspecting as a
> > clever phishing that has me worried.
> >
> > It looks like a legit message sent on behalf of Paypal,
> > however, it is sent from an IP address not owned by Paypal
> > BUT which has a REVDNS that ends in paypal.com.
> >
> > The message is full of links to images.postdirect.com but
> > does have legit links to paypal.com.
> >
> > John T
> > eServices For You
> >
> > "Seek, and ye shall find!"
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <sniffer@sortmonster.com>.
> To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
> Send administrative queries to <[EMAIL PROTECTED]>
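
The reverse-then-forward check discussed in this thread, as an added example that is not part of the original messages: the PTR answer comes from whoever runs the netblock's reverse zone, while the forward lookup of the returned name is answered by the named domain's own DNS servers, so only the second step shows the domain owner's consent. The `brand.example` and `esp.example` names and the 192.0.2.x addresses are constructed sample records, and `demo` is a hypothetical helper.

```python
import ipaddress
import socket

def live_ptr(ip):
    """PTR lookup: answered by the operator of the netblock's reverse zone."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def live_forward(name):
    """A/AAAA lookup: answered by the authoritative servers of the name's domain."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def fcrdns(ip, domain, ptr=live_ptr, forward=live_forward):
    """Return (verdict, name); 'confirmed' only when a PTR name inside
    `domain` resolves forward to the same IP address."""
    addr = ipaddress.ip_address(ip)
    base = domain.lower().rstrip(".")
    names = [n.lower().rstrip(".") for n in ptr(ip)]
    if not names:
        return ("no-ptr", None)
    # Match on a label boundary so "notbrand.example" is not taken for "brand.example".
    claimed = [n for n in names if n == base or n.endswith("." + base)]
    if not claimed:
        return ("ptr-other-domain", names[0])
    for name in claimed:
        if any(ipaddress.ip_address(a) == addr for a in forward(name)):
            return ("confirmed", name)
    # The netblock owner claims the name, but the domain's DNS does not back it.
    return ("ptr-unconfirmed", claimed[0])

# Constructed sample records (documentation address space, not real data).
PTR = {"192.0.2.10": ["mail1.brand.example"],   # third-party IP, brand agrees
       "192.0.2.66": ["mail9.brand.example"],   # PTR claims brand, no A record
       "192.0.2.77": ["host77.esp.example"],
       "192.0.2.88": ["mail.notbrand.example"]}
A = {"mail1.brand.example": ["192.0.2.10"]}

def demo(ip):
    return fcrdns(ip, "brand.example",
                  ptr=lambda i: PTR.get(i, []), forward=lambda n: A.get(n, []))
```

A "confirmed" verdict shows only that the reverse and forward zones agree; as noted in the thread, it cannot tell a deliberate delegation apart from a case where both zones are under someone else's control.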