Re: rsys4.com and Paypal?
LuKreme wrote: The email body is suspicious (to me) because the URLS are all encoded (obfuscated is my word for that): td width=3D=2215=22img src=3D=22https://a248=2Ee=2Eakamai=2Enet/f/24= 8/47562/14d/ig=2Ersys4=2Enet/responsysimages/pplna/201004_US_MME/pp_mme_edi= t/20100408_US_mme_spacer=2Egif=22 width=3D=2215=22 height=3D=221=22 style= =3D=22display:block;=22 //td Unnecessary QP encoding is nasty and stupid, yeah. (I'd happily give it 3 points or so if it weren't so common in otherwise perfectly legitimate email... including the glop often generated by Outlook. :/ ) What about the link URLs (if any)? So, am I being paranoid, or is someone spoofing Paypal and DKIM? Or is Paypal just trying really hard to make their email look like suspicious spam? I'd say it's *probably* legit. Is it addressed to you personally, or Dear user? Is it related to a transaction, or does it seem to be basically advertising, contentwise? A check back through a handful of my PayPal messages shows that they *do* use Responsys for some of their non-transaction email (Notice of Policy Updates, various advertising for get $x off when you by with PayPal at...), but most of it originates from .paypal.com or .paypal.ca. -kgd
Re: rsys4.com and Paypal?
Kris Deugau wrote: I'd say it's *probably* legit. Very probably. Responsys IPs, with their customer clearly indicated in the PTRs 12.130.139.51 om-paypal-apac.rsys4.com. 12.130.139.52 om-paypal-eu1.rsys4.com. 12.130.139.53 om-paypal-na.rsys4.com. 12.130.139.54 om-paypal-eu2.rsys4.com. I can't assess content or permission, but the origination of such messages is not much in doubt. Bob --
Re: rsys4.com and Paypal?
On 20-Apr-2010, at 11:33, Kris Deugau wrote: Is it addressed to you personally, or Dear user? I was addressed to me. Is it related to a transaction, or does it seem to be basically advertising, contentwise? No, it was advertising copy about something or other (MOther's Day?) -- ''Here comes sunrise. Yeah, here's your sunrise. I used to hide from the sun, tried to live my whole life underground, why'd you have to rise and ruin all my fun? Just turn over; close the curtains on the day.''
Re: rsys4.com and Paypal?
At 10:18 20-04-10, LuKreme wrote: I got a mail from Paypal, but it is not FROM paypal, but it appears to have passed DKIM If it passed DKIM and it is signed by info.paypal.com, it's from Paypal. Regards, -sm
RE: rsys4.com and Paypal?
At 10:18 20-04-10, LuKreme wrote: I got a mail from Paypal, but it is not FROM paypal, but it appears to have passed DKIM If it passed DKIM and it is signed by info.paypal.com, it's from Paypal. Regards, -sm the biggest problem i ever saw was when paypal email was coming from InfoUSA ip space. that is something we consider a no no not that the current place where it was coming from is any better... so much advertising junk from some of these places some known legit, some just crazy out there UBE - rh