ISP phishing

• Previous message (by thread): ISP phishing
• Next message (by thread): ISP phishing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 28 Jun 2005, Brad Knowles wrote:

> At 5:17 PM -0400 2005-06-28, Mark Tombaugh wrote:
>
>>  On Thu, 2005-06-23 at 09:54 -0400, Robert Boyle wrote:
>>>  we enabled a global rule which blocks
>>>  any email from accounts such as billing, root, postmaster, antivirus,
>>>  abuse, security, etc. which don't originate from our management IP space
>>>  where our people work. As a result, we have stopped these phishing scams
>>>  for our users dead in their tracks.
>>
>>  You sound so sure about that... Am I missing something?
>
> 	Yes.  Any billing, root, postmaster, etc... messages that claim to be 
> from his system have to be generated from their management IP space.  You may 
> be able to phish their customers by sending them bogus messages of this sort 
> that claim to be from other sites or facilities, but you won't be able to 
> phish his customers by sending them messages like this that claim to be from 
> his system.
>
> 	I applaud his move, and wish more groups did the same.

It would have been better if he had just installed SPF, and published DNS
records for his own domain, and rejected them based on that. Then other
people receiving forged emails with his domain would also be able to just
drop those emails.

Paul

• Previous message (by thread): ISP phishing
• Next message (by thread): ISP phishing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]