Rick Faircloth wrote:
> How can a phishing email be sent from [EMAIL PROTECTED] ?  How can
> the PayPal.com domain be used if their email servers are set up correctly?

If you're looking at the "FROM:" field in your emailer's UI, then anyone 
can write anything there, agreed.

But most of the phishing scams I've seen have been revealed by looking 
at the first (bottom-most) "RECEIVED:" field in the message headers. 
This shows the actual domain from which the message was sent. (How can 
you see email headers? It varies with the emailer you use, and whether 
you accept HTML-formatted email or display everything as ASCII. Examples 
of reading headers are at http://www.stopspam.org/email/headers.html .)

If you find that the spam actually lists your own domain in there, then 
that usually implies a security breach at your end. But most of these 
cases are just a message from evilGreedy.org with a FROM: field listing 
a good person's name and domain. Emailers have been created with certain 
problems like this... the acceptance of tons of quoted sigs in an 
outbound message is another such design flaw in email software. It'd be 
easy for email software to compare the originating domain with the 
professed domain....

jd

-- 
John Dowdell . Adobe Developer Support . San Francisco CA USA
Weblog: http://weblogs.macromedia.com/jd
Aggregator: http://weblogs.macromedia.com/mxna
Technotes: http://www.macromedia.com/support/
Spam killed my private email -- public record is best, thanks.
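
The comparison described in the message above (earliest "Received:" hop versus the domain claimed in "From:"), as an added example that is not part of the original post. The sample message is constructed, the function names are hypothetical, and the two-label domain comparison is a simplifying assumption; note that Received lines below the one written by your own mail server are supplied by the sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real capture); all hosts are reserved example names.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example; Mon, 3 Jul 2006 10:00:05 -0400
Received: from mail.evilgreedy.example (mail.evilgreedy.example [198.51.100.7])
\tby mx.recipient.example; Mon, 3 Jul 2006 10:00:03 -0400
From: "PayPal Service" <service@paypal.example>
Subject: Please verify your account

Click here.
"""

# The "from <host>" clause at the start of a Received header value.
RECEIVED_FROM = re.compile(r"^\s*from\s+([^\s;()]+)", re.I)


def base_domain(host):
    """Last two labels of a host name (assumption: no public-suffix handling)."""
    labels = host.strip("[].").lower().split(".")
    return ".".join(labels[-2:])


def origin_check(raw):
    """Compare the earliest Received hop with the domain in the From: header."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    origin = None
    # Each relay prepends its own header, so the bottom-most one is the first hop.
    # Walk upward past any header that has no "from" clause (e.g. local hand-off).
    for header in reversed(msg.get_all("Received") or []):
        match = RECEIVED_FROM.match(header)
        if match:
            origin = match.group(1).lower()
            break
    # No usable hop at all is treated as a mismatch rather than a pass.
    mismatch = origin is None or base_domain(origin) != base_domain(from_domain)
    return {"from_domain": from_domain, "origin_host": origin, "mismatch": mismatch}


if __name__ == "__main__":
    print(origin_check(SAMPLE))
```
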

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:245588