Robert Heller wrote:
At Thu, 9 Jun 2011 11:00:27 +0200 CentOS mailing list centos@centos.org wrote:
On Thu, June 9, 2011 10:51, Rudi Ahlers wrote:
On Thu, Jun 9, 2011 at 8:39 AM, MR ZenWiz mrzenwiz@gmail.com wrote:
Sorry for the cross-post, and off-topic at that, but:
This morning I received a very authentic looking email from info.paypal.com, claiming that Paypal wanted me to update my browser. (Really.)
It had my name in it and all the right graphics and colors and everything.
Ah, *bing*: colors and graphics. First suggestion: TURN OFF HTML EMAIL, *always*. Looking at it in plain text makes it trivially obvious that the link doesn't point to paypal.
There are reasons that most mailing lists (at least all that I'm on), either reject HTML email, or deliver it as plain text, larded with garbage chars. <snip>
I imagine he means that the mail had a "From:" or even "Reply-To:" header that came from info.paypal.com. Both these headers are trvially forged
As, for the last three weeks or so, I've gotten a *bunch* of bounced emails, or notifications that something couldn't be delivered, because some scumbag has forged my email, putting it into the Reply-To: for their spam. <snip>
The important headers in question are the 'Received:' headers, paying close attention to the one that identifies where the mail entered a legitimate server -- eg one's inbound mail server.
Yep. Look at the chain of them, and mostly at the bottom, or the bottom two, and the Message-ID. If the IP's bogus (as in, 355.x.x.x, or the MessageID is something completely different than where it claims to be from, that's your givaway.
mark