Email security issues

Brian Bruns bruns at
Mon Nov 10 19:36:44 UTC 2003

This is one of those times where either PGP/GPG or these digital ID things
in Outlook/Outlook Express would come in handy.  Not that I would expect
normal users to bother to check to see if the sig is legit or not,
considering these are the same people who seem to have no problem opening a
zip file and running an exe in it (ala MiMail).

Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources

The AHBL -
----- Original Message ----- 
From: "Daniel Roesen" <dr at>
To: <nanog at>
Sent: Monday, November 10, 2003 2:30 PM
Subject: Re: Email security issues

> On Mon, Nov 10, 2003 at 01:10:42PM -0600, Adi Linden wrote:
> > I've just receives a nice email from my banker (ok, it claims to be from
> > my banker) asking me to visit my banks website and confirm my email
> > address. This email is by far the most convincing piece of fraud I
> > received to date so far. The URL loads up the bank page plus a popup
> > provoding a login. Looking at the source of the popup it revels that it
> > positively not a legit source and most likely used to harvest peoples
> > access information.
> Yep, got the same one. Quite a good fake. Even the faked Received: line
> has an IP from an IP block of this bank. The only "technical" thing
> which I saw when taking a quick look which showed the fake was the
> .edu relay inbetween.
> Best regards,
> Daniel

More information about the NANOG mailing list