Hello Jeremy,

On Sunday, May 9, 2004 at 5:53:14 PM you wrote (at least in part):

>> this is one of those times I wish ezmlm{,-idx} put the original envelope
>> sender in the headers of the email somehwere.

> So anywho, I looked in the archive/ directory for this message, found it, and
> it appears [EMAIL PROTECTED] somehow got added to the list.

Might be, but who sent this particular message? The %XX-encoded URL is
in plain text form:

This isn't PayPal, this is somebody else who tries to fake users. When
this URL is opened a popup opens and a faked PayPal Login form
appears. Additionally this page then presents a "looks like an address
bar" item, that displays a paypal.com address, so IE-users might think
they're in the correct location.

Non-IE users are nearly immediately redirected to the real PayPal
site, I guess whoever intends to get user logins this way does rely on
some glitches of IE that make it hard to recognize one is on the wrong
page and he/she does not want somebody else being able to figure
easily this mail was a big fake.

For all interested: popup opened by above mentioned URL is this page:

Open with deactivated JavaScript to fully "enjoy" it without being
sent somewhere else :-)
Best regards
Peter Palmreuther

Nothing is impossible for anyone impervious to reason.

Reply via email to