sthaug at sthaug at
Fri Jan 8 19:39:54 UTC 2010

> I host on one of my servers, and, it does not have any outlook or owa
> services.  For some reason, someone decided to try and send this message
> out to various internet recipients:
> Anyone seen this before?  Any good techniques for combatting it?

If you look more closely at the messages I believe you'll find that
they are multipart/alternative, and that the second part gives a
slightly modified version of the owa URL. For instance, for my own domain the first part of message says

but the second part specifies URLs like

This is a very old trick, seen lots of times in connection with
phishing sites, for instance.

Steinar Haug, Nethelp consulting, sthaug at

More information about the NANOG mailing list