LuKreme wrote:
The email body is suspicious (to me) because the URLS are all encoded
(obfuscated is my word for that):
<td width=3D=2215=22><img src=3D=22https://a248=2Ee=2Eakamai=2Enet/f/24=
8/47562/14d/ig=2Ersys4=2Enet/responsysimages/pplna/201004_US_MME/pp_mme_edi=
t/20100408_US_mme_spacer=2Egif=22 width=3D=2215=22 height=3D=221=22 style=
=3D=22display:block;=22 /></td>
Unnecessary QP encoding is nasty and stupid, yeah. (I'd happily give it
3 points or so if it weren't so common in otherwise perfectly legitimate
email... including the glop often generated by Outlook. :/ )
What about the link URLs (if any)?
So, am I being paranoid, or is someone spoofing Paypal and DKIM? Or is Paypal
just trying really hard to make their email look like suspicious spam?
I'd say it's *probably* legit.
Is it addressed to you personally, or "Dear user"?
Is it related to a transaction, or does it seem to be basically
advertising, contentwise?
A check back through a handful of my PayPal messages shows that they
*do* use Responsys for some of their non-transaction email ("Notice of
Policy Updates", various advertising for "get $x off when you by with
PayPal at..."), but most of it originates from .paypal.com or .paypal.ca.
-kgd
