INFOWORLD GRIPE LINE BY ED FOSTER Bookmark this page

  
Display: Sort:
PayPal Spoof E-mail Isn't Itself a Spoof | 120 comments (120 topical) | Post A Comment
It was covered by anti-forgery technology...[ Reply to This ] (none / 0) (#1)
by adonoho on Fri Aug 05, 2005 at 01:40:27 PM PDT

Ed,

The note from Paypal does use some of the latest deployed anti-spoofing technologies - namely SPF, Sender Policy Framework. For example, in my copy of the mail, the following header was inserted by my mail server:

Received-Spf: pass receiver=XXX.XXX; client-ip=206.165.246.86; envelope-from=paypal@email.paypal.com
What SPF allows is for vendors to identify which machines are authorized to send mail for a domain. And that is how Paypal is using it. SPF is just one of many checks that still need to be done to email to defeat phishing but it is a step in the right direction.

In other words, the state of anti-phishing technology is improving. Yes, the email readers need to be updated to exploit this information. But the net is moving towards making forgery harder.

Andrew

P.S. I have no vested interest in SPF other than using it myself.

[ Reply to This ]



Re: It was covered by anti-forgery technology...[ Parent | Reply to This ] (none / 0) (#3)
by Anonymous User on Mon Aug 08, 2005 at 11:06:54 AM PDT

Regarding the SPF headers: It is trivially easy for any spammer (or anyone with even a moderate knowledge of the mechanics of e-mail) to add any fake header they want, including a fake "X-SPF-Passed: True" header. Spammers and phishers have a vested interest in exploiting these technologies to the maximum possible extent. SPF can be exploited by phishers and spammers to make their mail seem more authentic and credible. SPF is not an end-user mechanism. Unless you know the *exact* behavior of the mail server receiving the message, what *exact* headers are added, how fake headers are handles, *exactly* how the checks are performed, etc., these checks are of no value to the end user. They are for the mail server administrator or postmaster.

[ Parent | Reply to This ]


It's not that complex.[ Parent | Reply to This ] (none / 0) (#7)
by foxyshadis1 on Tue Aug 09, 2005 at 06:22:44 PM PDT

All you need to know is whether your mail server supports SPF. If it does, then it'll detect that the message says it's coming from paypal.com but isn't on their SPF list and dispose of it. If your mailer doesn't, spammers are free to do whatever they want to the message, obviously.

[ Parent | Reply to This ]


Paypal phish[ Parent | Reply to This ] (none / 0) (#10)
by Shade on Wed Aug 10, 2005 at 12:25:11 PM PDT

I too received it and thought, "well, well, yet another attempt. But, my spoofstick said it was from paypal. I clicked through and lo and behold, it was a customer advisory. It does rattle you that so many are still trying to do the dastardly deed. Keep up your good work.
We are all we have.
[ Parent | Reply to This ]


SpoofStick[ Parent | Reply to This ] (none / 0) (#14)
by Anonymous User on Fri Aug 12, 2005 at 11:30:15 AM PDT

For those that don't know, SpoofStick is a FireFox extension that displays the domain name of the page you are on. This is very handy when you are not sure a page is legitimant or not.

[ Parent | Reply to This ]


yes[ Parent | Reply to This ] (none / 0) (#33)
by maderikapapa on Fri Jun 27, 2008 at 09:02:22 PM PDT

出会い出会い系サイト出会い喫茶出会い掲示板ナンパ出会いカフェ人妻出会い無 009;系サイト優良出会い系攻略 完全無料。アダルトビデオアダルト動画アダルトアニメアダルト画像アダル 488;サイト無料DVDアダルト風俗サンプル無料風俗優良アダルトサイト比較海 806;。人妻画像人妻パラダイス知合い人妻援護会人妻コレクション風 439;告白。熟女画像東京熟女掲示板動画熟女ビデオおまんこオナニーエロ画像エロフラッシュアニメ 456;ロ動画エロゲームエロ漫画無料エロサイト。エッチ画像エッチ動画エッチ小説写真エッチ 450;ニメエッチ0930。セックスアナルセックス画像セックス動画セックスフレンドスワッピングSEX写真セックスボランティセ 483;クス体位東京セックス仕方 SEX。おっぱい画像おっぱい村長おっぱい楽園掲示板お 387;ぱい命おっぱいゲーム。巨乳動画巨乳画像アイドル巨乳 522;示板風俗。セフレ募集セフレ掲示板セフレ画像掲示板セフレの作り方出会い無料素人セフレ。童貞狩りエロ漫画童貞狩り童貞喪失童貞オークション素人童貞逆援不倫パートナー不倫出会い人妻不倫不倫を楽しみたい方にはお薦め 154;妻画像など満載出会いサイトを楽しむならココ無料出会いで一緒に遊ぼう出会いはLOVEアゲインで決まり

[ Parent | Reply to This ]


fvbh[ Parent | Reply to This ] (none / 0) (#42)
by Anonymous User on Wed Oct 22, 2008 at 01:58:56 AM PDT

SEXlink1

[ Parent | Reply to This ]


fgbb[ Parent | Reply to This ] (none / 0) (#47)
by Anonymous User on Thu Oct 23, 2008 at 03:36:23 AM PDT

,ff,,,f*f不倫

[ Parent | Reply to This ]


gbvv[ Parent | Reply to This ] (none / 0) (#51)
by Anonymous User on Fri Oct 24, 2008 at 12:48:59 AM PDT

,fff,fff^出会,,

[ Parent | Reply to This ]


gfdd[ Parent | Reply to This ] (none / 0) (#55)
by Anonymous User on Sat Oct 25, 2008 at 12:55:41 AM PDT

出会,,,ff,,素人

[ Parent | Reply to This ]


fgkk[ Parent | Reply to This ] (none / 0) (#60)
by Anonymous User on Sun Oct 26, 2008 at 01:15:29 AM PDT

,fff巨乳熟女

[ Parent | Reply to This ]


fdmm[ Parent | Reply to This ] (none / 0) (#65)
by Anonymous User on Mon Oct 27, 2008 at 03:49:30 AM PDT

,ffff"f,,ff,,童貞

[ Parent | Reply to This ]


fbvd[ Parent | Reply to This ] (none / 0) (#70)
by Anonymous User on Tue Oct 28, 2008 at 03:05:52 AM PDT

童貞,f*ffff`

[ Parent | Reply to This ]


gfmm[ Parent | Reply to This ] (none / 0) (#75)
by Anonymous User on Wed Oct 29, 2008 at 03:21:50 AM PDT

,fff^,f不倫

[ Parent | Reply to This ]


dgff[ Parent | Reply to This ] (none / 0) (#80)
by Anonymous User on Thu Oct 30, 2008 at 03:15:06 AM PDT

,ff,,出会,,,f

[ Parent | Reply to This ]


fdgg[ Parent | Reply to This ] (none / 0) (#81)
by Anonymous User on Fri Oct 31, 2008 at 02:46:01 AM PDT

SEX,ff,,おっぱ,,

[ Parent | Reply to This ]


ffgb[ Parent | Reply to This ] (none / 0) (#86)
by Anonymous User on Sat Nov 01, 2008 at 02:47:23 AM PDT

不倫熟女,fff風--

[ Parent | Reply to This ]


fkoo[ Parent | Reply to This ] (none / 0) (#91)
by Anonymous User on Sun Nov 02, 2008 at 03:48:08 AM PDT

,ff,,SEX逆援

[ Parent | Reply to This ]


okmm[ Parent | Reply to This ] (none / 0) (#96)
by Anonymous User on Mon Nov 03, 2008 at 02:46:24 AM PDT

不倫童貞ff',

[ Parent | Reply to This ]


jdhh[ Parent | Reply to This ] (none / 0) (#101)
by Anonymous User on Tue Nov 04, 2008 at 01:14:54 AM PDT

,f*f熟女,fff

[ Parent | Reply to This ]


mkoo[ Parent | Reply to This ] (none / 0) (#106)
by Anonymous User on Tue Nov 04, 2008 at 08:56:54 PM PDT

人妻,f*f,ff,,

[ Parent | Reply to This ]


gfbb[ Parent | Reply to This ] (none / 0) (#112)
by Anonymous User on Thu Nov 06, 2008 at 09:06:07 PM PDT

,fff^,f熟女

[ Parent | Reply to This ]


fvbb[ Parent | Reply to This ] (none / 0) (#117)
by Anonymous User on Fri Nov 07, 2008 at 10:37:32 PM PDT

人妻,fff不倫

[ Parent | Reply to This ]


ggfd[ Parent | Reply to This ] (none / 0) (#122)
by Anonymous User on Sun Nov 09, 2008 at 01:56:56 AM PDT

,fff^SEX逆援

[ Parent | Reply to This ]


fdee[ Parent | Reply to This ] (none / 0) (#130)
by Anonymous User on Tue Nov 18, 2008 at 08:03:14 PM PDT

,f,fff^,ffff"f,

[ Parent | Reply to This ]


dsko[ Parent | Reply to This ] (none / 0) (#131)
by Anonymous User on Fri Nov 21, 2008 at 11:25:33 PM PDT

,f,ff,,出会,,

[ Parent | Reply to This ]


yxim[ Parent | Reply to This ] (none / 0) (#133)
by Anonymous User on Sat Nov 29, 2008 at 09:14:10 PM PDT

,ff,,,f*f不倫

[ Parent | Reply to This ]


xkuv[ Parent | Reply to This ] (none / 0) (#135)
by Anonymous User on Sun Nov 30, 2008 at 09:25:58 PM PDT

,fff,fff^出会,,

[ Parent | Reply to This ]


v[ Parent | Reply to This ] (none / 0) (#38)
by Anonymous User on Tue Aug 12, 2008 at 07:44:31 AM PDT

Free YouTube Downloader | YouTube to iPod | YouTube on PSP | YouTube to MP3 | YouTube to MP4 | YouTube to 3GP | YouTube to AVI | YouTube to MPG | YouTube to WMV | YouTube to DivX | YouTube to MOV | YouTube to WMA | YouTube Ripper YouTube to iPod | YouTube to iPhone | YouTube to PSP | YouTube to Zune | YouTube to MP4 | YouTube to Apple TV | YouTube to 3GP | iPod to PC Transfer

[ Parent | Reply to This ]


c[ Parent | Reply to This ] (none / 0) (#39)
by Anonymous User on Tue Aug 12, 2008 at 07:45:23 AM PDT

Free YouTube Downloader | YouTube to iPod | YouTube on PSP | YouTube to MP3 | YouTube to MP4 | YouTube to 3GP | YouTube to AVI | YouTube to MPG | YouTube to WMV | YouTube to DivX | YouTube to MOV | YouTube to WMA | YouTube Ripper YouTube to iPod | YouTube to iPhone | YouTube to PSP | YouTube to Zune | YouTube to MP4 | YouTube to Apple TV | YouTube to 3GP | iPod to PC Transfer

[ Parent | Reply to This ]


ss[ Parent | Reply to This ] (none / 0) (#40)
by Anonymous User on Thu Aug 14, 2008 at 03:03:32 AM PDT

Free YouTube Downloader | YouTube to iPod | YouTube on PSP | YouTube to MP3 | YouTube to MP4 | YouTube to 3GP | YouTube to AVI | YouTube to MPG | YouTube to WMV | YouTube to DivX | YouTube to MOV | YouTube to WMA | YouTube Ripper YouTube to iPod | YouTube to iPhone | YouTube to PSP | YouTube to Zune | YouTube to MP4 | YouTube to Apple TV | YouTube to 3GP | iPod to PC Transfer

[ Parent | Reply to This ]


PayPal Spoof E-mail Isn't Itself a Spoof | 120 comments (120 topical) | Post A Comment
Display: Sort:

Menu
create account
faq
search

Login
Make a new account
Username:
Password:

 HOME  NEWS  COLUMNS  BLOGS  PODCASTS  TECHNOLOGIES  TEST CENTER  EVENTS  CAREERS  IT EXEC-CONNECT   About Awards Contact Us 

Copyright © 2006, Reprints, Permissions, Licensing, IDG Network, Privacy Policy.
All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses,
phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services.

 ComputerWorld :: LinuxWorld :: Network World :: CIO :: PC World :: Darwin :: CMO :: CSO
IT Careers :: JavaWorld :: Macworld :: Mac Central :: Playlist :: GamePro :: GameStar :: Gamerhelp
ITWorld Canada :: Computerwoche :: Techworld UK :: tecChannel :: IDG.se :: IDG.no :: IDG.pl

create account | faq | search