OT: Bad web site
Kenneth Brody
kenbrody at spamcop.net
Thu Jan 26 09:14:40 PST 2017
On 1/26/2017 12:05 PM, Fairlight via Filepro-list wrote:
[...]
> When in doubt, display the -full- headers of the email, and look at the
> Received: headers. Those are in order from latest to earliest. You want
> to look at the bottom-most one(s) and see if it originated inside a
> legitimate Adobe network. If there are only IP#s, you can use IP Whois at
> dnstools.com to find out who currently owns the netblock.
>
> Usually it's pretty clear-cut whether something is legit or phishing, when
> you look at those headers.
>
> I have seen mail which purports to be from Microsoft, but originated in
> some God-forsaken country. Happens all the time. PayPal is one of the
> most frequently faked senders, and phishers do an excellent job of using
> their assets to impersonate them, but there's no escaping Received:
> tracing.
There's no escaping the Received tracing, but there's no guarantee that the
bottom-most entries are real. A scammer could insert a few fake ones to
look like it came from the expected company. However, if you were to trace
the entire Received chain, you would find out otherwise.
--
Kenneth Brody
More information about the Filepro-list
mailing list