If I were to have gotten a suspicious message notice from
epl.paypal-communication.com and gone through a whois, nslookup, whois (ip
address), dig txt paypal-communication.com, dig mx paypal-communication.com, dig
mx epl.paypal-communication.com routine I would have found a very suspicious
pedigree and I would add the IP and domain name to my blacklist. And that is
exactly what I did. Businesses that send email that is indistinguishable from
spam/phishing/obfuscation/cloaking/tracking don't deserve space in my systems.
And because I'll not remember long that I did all this forensic investigation
and was dissatisfied with the results, I go with the least-effort option of
blocking. It is your problem to fix. Be obvious or be blocked. There's too much
at risk.
And including a link to a one-pixel (spacer1.gif) image, obviously a tracking
beacon, in already suspect messages always looks more suspicious yet.
dp
On 6/1/17 1:19 AM, outre...@epsilon.com wrote:
Hi Reindl and Al,
Thank you for your feedback.
The domain https://epl.paypal-communication.com is used by Paypal for link
tracking purposes in their emails. Their sending domains are for example:
mail.paypal.com, mail.paypal.co.uk, mail.paypal.fr etc.
To clarify, I work for Epsilon which is a major Email Service Provider
(www.epsilon.com) and Paypal use our platform to deploy their emails, hence me
contacting you about this delivery issue.
I will pass back your feedback to Paypal so they can make a decision on whether
or not they will want to make any changes to their emails moving forward.
Best regards,
Anne-Sophie Marsh, Sr Email Deliverability Manager EMEA
T +44 2086143219 M +44 7469352383 Epsilon, 67 Broad Street, Teddington
TW11 8QZ, UK epsilon.com
-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of
Reindl Harald
Sent: 01 June 2017 07:24
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19
Am 01.06.2017 um 03:04 schrieb Al Varnell:
I made an attempt to determine whether epl.paypal-communication.com was a
legitimate domain owned by PayPal with very mixed results.
No WhoIs service could identify it directly
and here I stop reading - let me guess: you entered
"epl.paypal-communication.com" including the subdomain and/or used some obscure
website doing whois requests
[harry@srv-rhsoft:~]$ whois paypal-communication.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered with many
different competing registrars. Go to http://www.internic.net for detailed
information.
Domain Name: PAYPAL-COMMUNICATION.COM
Registrar: MARKMONITOR INC.
Sponsoring Registrar IANA ID: 292
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: NS1.P57.DYNECT.NET
Name Server: NS2.P57.DYNECT.NET
Name Server: PDNS100.ULTRADNS.COM
Name Server: PDNS100.ULTRADNS.NET
Status: clientDeleteProhibited
https://icann.org/epp#clientDeleteProhibited
Status: clientTransferProhibited
https://icann.org/epp#clientTransferProhibited
Status: clientUpdateProhibited
https://icann.org/epp#clientUpdateProhibited
Updated Date: 05-mar-2017
Creation Date: 06-apr-2011
Expiration Date: 06-apr-2018
>>> Last update of whois database: Thu, 01 Jun 2017 06:20:04 GMT <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring registrar.
Users may consult the sponsoring registrar's Whois database to view the
registrar's reported date of expiration for this registration.
Domain Name: paypal-communication.com
Registry Domain ID: 1649488607_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2017-03-05T02:14:48-0800
Creation Date: 2011-04-06T05:23:32-0700
Registrar Registration Expiration Date: 2018-04-06T00:00:00-0700
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplai...@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited
(https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited
(https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited
(https://www.icann.org/epp#clientDeleteProhibited)
Domain Status: serverUpdateProhibited
(https://www.icann.org/epp#serverUpdateProhibited)
Domain Status: serverTransferProhibited
(https://www.icann.org/epp#serverTransferProhibited)
Domain Status: serverDeleteProhibited
(https://www.icann.org/epp#serverDeleteProhibited)
Registry Registrant ID:
Registrant Name: Domain Administrator
Registrant Organization: PayPal Inc.
Registrant Street: 2211 North First Street,
Registrant City: San Jose
Registrant State/Province: CA
Registrant Postal Code: 95131
Registrant Country: US
Registrant Phone: +1.8882211161
Registrant Phone Ext:
Registrant Fax: +1.4025375774
Registrant Fax Ext:
Registrant Email: hostmas...@paypal.com
Registry Admin ID:
Admin Name: Domain Administrator
Admin Organization: PayPal Inc.
Admin Street: 2211 North First Street,
Admin City: San Jose
Admin State/Province: CA
Admin Postal Code: 95131
Admin Country: US
Admin Phone: +1.8882211161
Admin Phone Ext:
Admin Fax: +1.4025375774
Admin Fax Ext:
Admin Email: hostmas...@paypal.com
Registry Tech ID:
Tech Name: Domain Administrator
Tech Organization: PayPal Inc.
Tech Street: 2211 North First Street,
Tech City: San Jose
Tech State/Province: CA
Tech Postal Code: 95131
Tech Country: US
Tech Phone: +1.8882211161
Tech Phone Ext:
Tech Fax: +1.4025375774
Tech Fax Ext:
Tech Email: hostmas...@paypal.com
Name Server: ns2.p57.dynect.net
Name Server: pdns100.ultradns.com.
Name Server: ns1.p57.dynect.net
Name Server: pdns100.ultradns.net.
DNSSEC: signedDelegation
URL of the ICANN WHOIS Data Problem Reporting System:
http://wdprs.internic.net/
>>> Last update of WHOIS database: 2017-05-31T23:20:11-0700 <<<
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
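Added example, not part of the thread or any poster's code: the check the whois exchange above turns on, reducing a link host to its registered domain before the lookup and then reading the registrant out of the record. The function names are hypothetical, the two-label rule is an assumption that only holds for suffixes like .com, and the sample record is an excerpt of the output quoted in the thread.

```shell
#!/bin/sh
# Excerpt of the whois record quoted in the thread, embedded so this runs offline.
SAMPLE_WHOIS='Domain Name: paypal-communication.com
Registrar: MarkMonitor, Inc.
Creation Date: 2011-04-06T05:23:32-0700
Registrant Organization: PayPal Inc.
DNSSEC: signedDelegation'

# Reduce a hostname to the domain a registry knows about.
# Assumption: keeps the last two labels, correct for .com/.net only;
# suffixes such as .co.uk need the Public Suffix List instead.
registrable_domain() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//' |
        awk -F. '{ if (NF < 2) print $0; else print $(NF-1) "." $NF }'
}

# Print the value of the first whois field named $1 (record on stdin).
whois_field() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line)
          i = index(line, ":"); if (i == 0) next
          k = substr(line, 1, i - 1); v = substr(line, i + 1)
          sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
          if (tolower(k) == tolower(key)) { print v; exit } }'
}

# Succeed only if the registrant organization (record on stdin)
# contains the expected brand name $1, case-insensitively.
registrant_matches() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    org=$(whois_field "Registrant Organization" | tr 'A-Z' 'a-z')
    [ -n "$want" ] && [ -n "$org" ] || return 1
    case "$org" in
        *"$want"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Live use (needs network and a whois client):
#   whois "$(registrable_domain epl.paypal-communication.com)" |
#       whois_field "Registrant Organization"
```

A registrant match only answers who registered the domain; whether mail carrying links to it is accepted is still a local policy decision, as the top post shows.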