That is what has me worried.

John T
eServices For You

"Seek, and ye shall find!"

> -----Original Message-----
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Jay
> Sudowski - Handy Networks LLC
> Sent: Wednesday, May 24, 2006 9:51 AM
> To: Message Sniffer Community
> Subject: Re: [sniffer]Possible Paypal Phishing
>
> The owner of a domain need not authorize a reverse DNS PTR record in any
> way, shape or form. If the netblock was owned, or the netblock owner
> had delegated rDNS to a malicious customer, they could easily set rDNS
> to whatever they wanted. Aol.com, paypal.com, ebay.com, chase.com ...
>
> -Jay
>
> -----Original Message-----
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
> Behalf Of Colbeck, Andrew
> Sent: Wednesday, May 24, 2006 12:38 PM
> To: Message Sniffer Community
> Subject: Re: [sniffer]Possible Paypal Phishing
>
> It's really from PostDirect.com aka YesMail.com ...
>
> You can tell that it's authorized because the reverse DNS which ends in
> PayPal.com (ok, that does set off alarm bells when it's someone else's
> netblock) matches the forward lookup of the resulting address at PayPal.
>
> Therefore, PayPal is deliberately allowing that reverse IP in someone
> else's netblock.
>
> That, or both the netblock and PayPal's DNS have been p0wned.
>
> Andrew 8)
>
> > -----Original Message-----
> > From: Message Sniffer Community
> > [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > Sent: Wednesday, May 24, 2006 9:31 AM
> > To: Message Sniffer Community
> > Subject: [sniffer]Possible Paypal Phishing
> >
> > Attached are the headers to an e-mail I am suspecting as a
> > clever phishing that has me worried.
> >
> > It looks like a legit message sent on behalf of Paypal,
> > however, it is sent from an IP address not owned by Paypal
> > BUT which has a REVDNS that ends in paypal.com.
> >
> > The message is full of links to images.postdirect.com but
> > does have legit links to paypal.com.
> >
> > John T
> > eServices For You
> >
> > "Seek, and ye shall find!"

#############################################################
This message is sent to you because you are subscribed to
the mailing list <[email protected]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
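
The two checks discussed in this thread (a PTR name that merely ends in the brand's domain, versus a PTR name that also resolves forward to the same address) can be told apart mechanically. The following is an added example, not part of any message in the thread; it runs over constructed DNS data, and the domain example-brand.com, the addresses and the function names are assumptions.

```python
# Added example: forward-confirmed reverse DNS (FCrDNS) over constructed data.
import ipaddress

# Constructed records (documentation addresses, not from the thread's headers).
# PTR records are published by whoever controls the netblock's reverse zone.
PTR = {
    "192.0.2.10": ["mail10.example-brand.com"],    # forward zone agrees
    "198.51.100.7": ["secure.example-brand.com"],  # name chosen by netblock owner only
    "203.0.113.5": ["notexample-brand.com"],       # string suffix, different domain
}
# A records are published by whoever controls the domain's forward zone.
A = {
    "mail10.example-brand.com": ["192.0.2.10"],
    "secure.example-brand.com": ["192.0.2.99"],
}


def under_domain(host, domain):
    """True only if host is domain or a subdomain of it (label boundary)."""
    host, domain = host.rstrip(".").lower(), domain.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)


def classify(ip, brand_domain, ptr=PTR, a=A):
    """Return 'no-ptr', 'ptr-other-domain', 'ptr-only' or 'fcrdns-pass'."""
    ip = str(ipaddress.ip_address(ip))  # rejects malformed input
    names = ptr.get(ip, [])
    if not names:
        return "no-ptr"
    branded = [n for n in names if under_domain(n, brand_domain)]
    if not branded:
        return "ptr-other-domain"
    for name in branded:
        # Forward confirmation: the domain's own zone must map the name
        # back to the connecting address.
        if ip in a.get(name.rstrip(".").lower(), []):
            return "fcrdns-pass"
    # The reverse zone claims the brand, the brand's zone does not agree.
    return "ptr-only"


if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.200"):
        print(addr, classify(addr, "example-brand.com"))
```

A "ptr-only" result is the case where the netblock side alone asserts the name; "fcrdns-pass" additionally requires a record in the domain's forward zone.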
