Ed Foster's Gripelog || Comments PayPal Spoof E-mail Isn't Itself a Spoof

INFOWORLD GRIPE LINE BY ED FOSTER

Display: Sort:

PayPal Spoof E-mail Isn't Itself a Spoof | 120 comments (120 topical) | Post A Comment

Re: It was covered by anti-forgery technology...[ Parent | Reply to This ] (none / 0) (#3)
by Anonymous User on Mon Aug 08, 2005 at 11:06:54 AM PDT

Regarding the SPF headers: It is trivially easy for any spammer (or anyone with even a moderate knowledge of the mechanics of e-mail) to add any fake header they want, including a fake "X-SPF-Passed: True" header. Spammers and phishers have a vested interest in exploiting these technologies to the maximum possible extent. SPF can be exploited by phishers and spammers to make their mail seem more authentic and credible. SPF is not an end-user mechanism. Unless you know the *exact* behavior of the mail server receiving the message, what *exact* headers are added, how fake headers are handles, *exactly* how the checks are performed, etc., these checks are of no value to the end user. They are for the mail server administrator or postmaster.

[ Parent | Reply to This ]

It's not that complex.[ Parent | Reply to This ] (none / 0) (#7)
by foxyshadis1 on Tue Aug 09, 2005 at 06:22:44 PM PDT

All you need to know is whether your mail server supports SPF. If it does, then it'll detect that the message says it's coming from paypal.com but isn't on their SPF list and dispose of it. If your mailer doesn't, spammers are free to do whatever they want to the message, obviously.

[ Parent | Reply to This ]

PayPal Spoof E-mail Isn't Itself a Spoof | 120 comments (120 topical) | Post A Comment

Display: Sort:

Menu

· create account
· faq
· search

Login

Make a new account

Username:

Password:

HOME NEWS COLUMNS BLOGS PODCASTS TECHNOLOGIES TEST CENTER EVENTS CAREERS IT EXEC-CONNECT About Awards Contact Us

Copyright © 2006, Reprints, Permissions, Licensing, IDG Network, Privacy Policy.
All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses,
phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services.

ComputerWorld :: LinuxWorld :: Network World :: CIO :: PC World :: Darwin :: CMO :: CSO
IT Careers :: JavaWorld :: Macworld :: Mac Central :: Playlist :: GamePro :: GameStar :: Gamerhelp
ITWorld Canada :: Computerwoche :: Techworld UK :: tecChannel :: IDG.se :: IDG.no :: IDG.pl

create account | faq | search

	HOME NEWS COLUMNS BLOGS PODCASTS TECHNOLOGIES TEST CENTER EVENTS CAREERS IT EXEC-CONNECT	About Awards Contact Us
Copyright © 2006, Reprints, Permissions, Licensing, IDG Network, Privacy Policy. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. ComputerWorld :: LinuxWorld :: Network World :: CIO :: PC World :: Darwin :: CMO :: CSO IT Careers :: JavaWorld :: Macworld :: Mac Central :: Playlist :: GamePro :: GameStar :: Gamerhelp ITWorld Canada :: Computerwoche :: Techworld UK :: tecChannel :: IDG.se :: IDG.no :: IDG.pl