Ed Foster's Gripelog || Comments PayPal Spoof E-mail Isn't Itself a Spoof

INFOWORLD GRIPE LINE BY ED FOSTER

Replying To:

It was covered by anti-forgery technology... (none / 0) (#1)
by adonoho on Fri Aug 05, 2005 at 01:40:27 PM PDT

Ed,
The note from Paypal does use some of the latest deployed anti-spoofing technologies - namely SPF, Sender Policy Framework. For example, in my copy of the mail, the following header was inserted by my mail server:
Received-Spf: pass receiver=XXX.XXX; client-ip=206.165.246.86; envelope-from=paypal@email.paypal.com
What SPF allows is for vendors to identify which machines are authorized to send mail for a domain. And that is how Paypal is using it. SPF is just one of many checks that still need to be done to email to defeat phishing but it is a step in the right direction.
In other words, the state of anti-phishing technology is improving. Yes, the email readers need to be updated to exploit this information. But the net is moving towards making forgery harder.
Andrew
P.S. I have no vested interest in SPF other than using it myself.

Post Comment

You are not logged in. If you don't have a user account yet, by all means go make one! If you do have one, you can post as "yourself" by filling in your nickname and password below. Otherwise, your comment will be posted as Anonymous User.

Create Account
Nickname:
Password:

Post Comment: Post your comment below and then please answer the security question. I apologize for the inconvenience, but it does help deter spammers. -- Ed Foster

Subject:

Comment:

To post your comment, please answer the following security question:
Which of the following is not a color?
White, Aqua, Lemon, Gray, Green, Maroon

Allowed HTML: <A [HREF] [NAME]> <DT> <TT></TT> <OL></OL> <CITE></CITE> <CODE></CODE> <UL></UL> <BLOCKQUOTE [TYPE]></BLOCKQUOTE> <DD> <LI> <DL></DL>

Menu

· create account
· faq
· search

Login

Make a new account

Username:

Password:

HOME NEWS COLUMNS BLOGS PODCASTS TECHNOLOGIES TEST CENTER EVENTS CAREERS IT EXEC-CONNECT About Awards Contact Us

Copyright © 2006, Reprints, Permissions, Licensing, IDG Network, Privacy Policy.
All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses,
phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services.

ComputerWorld :: LinuxWorld :: Network World :: CIO :: PC World :: Darwin :: CMO :: CSO
IT Careers :: JavaWorld :: Macworld :: Mac Central :: Playlist :: GamePro :: GameStar :: Gamerhelp
ITWorld Canada :: Computerwoche :: Techworld UK :: tecChannel :: IDG.se :: IDG.no :: IDG.pl

create account | faq | search

	HOME NEWS COLUMNS BLOGS PODCASTS TECHNOLOGIES TEST CENTER EVENTS CAREERS IT EXEC-CONNECT	About Awards Contact Us
Copyright © 2006, Reprints, Permissions, Licensing, IDG Network, Privacy Policy. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. ComputerWorld :: LinuxWorld :: Network World :: CIO :: PC World :: Darwin :: CMO :: CSO IT Careers :: JavaWorld :: Macworld :: Mac Central :: Playlist :: GamePro :: GameStar :: Gamerhelp ITWorld Canada :: Computerwoche :: Techworld UK :: tecChannel :: IDG.se :: IDG.no :: IDG.pl