Interesting People mailing list archives
more on Advanced Paypal phish - uses faked functional address bar
From: David Farber <dave () farber net>
Date: Thu, 1 Dec 2005 11:30:43 -0500
Begin forwarded message:

From: Rich Kulawiec <rsk () gsp org>
Date: December 1, 2005 11:04:01 AM EST
To: Charles Pinneo <pinneo () sbcglobal net>
Cc: David Farber <dave () farber net>
Subject: Re: [IP] more on Advanced Paypal phish - uses faked functional address bar
Paypal says to send theirs to <spoof () paypal com>. Do most people know this?
I doubt it; there's no reason for them to. What Paypal (and everyone else) _should_ be doing is following RFC 2142, which specifies that "abuse" is the correct address for every domain to receive abuse reports -- whether those reports pertain to abuse *by* the domain (or its customers, etc.) or *of* the domain (or its customers). This is not only specified in the RFC, but it's a well-known best practice, and has been for years.

Unfortunately, many domains have chosen to ignore this -- or to "support" it in a way that renders it effectively unusable. Those methods include:

- routing its traffic to the bit-bucket
- routing its traffic to an autoresponder that directs senders to use a web form -- thus deliberately making it as difficult as possible for users to report abuse, cf. "hoop-jumping".
- routing its traffic to an ignore-bot
- using spam/virus filtering methods on the address that make it impossible to report spam/virus incidents to the address
- forwarding complaints to those being complained about, thus handing over victims' data to the abusers and facilitating spammer "list-washing" and various forms of revenge attacks
- routing its traffic to untrained/incompetent staff whose response is either that the complaint is in error or has been resolved (Hotmail and Yahoo are particularly well-known for this)
- refusing to investigate any complaint not filed by their own customers
- allowing the abuse mailbox to reach its quota and reject subsequent messages (Comcast prefers this approach)

and so on.

Happily, there are some exceptions to this: some operations (correctly) consider every abuse complaint as a possible indicator of a security emergency, requiring immediate attention from senior personnel until resolved. Unsurprisingly, these well-run operations don't have to field many abuse complaints, because the same diligence and professionalism that allows them to respond promptly and effectively also enables them to pro-actively address many issues *before* abuse actually occurs.

But unfortunately, these are the exceptions; the rule is that for most operations, handling abuse traffic is a reluctant afterthought at best, and thus we have...what we have.

---Rsk
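As an added, defender-side illustration of the point made in the post above (this is not code from the list, from Rich Kulawiec, or from any provider it names): a small audit that reads a sendmail/Postfix-style aliases(5) map and reports how the RFC 2142 role mailboxes are actually routed. The sample map is constructed, and its hostnames, paths and the autoresponder command are hypothetical; the check flags the "bit-bucket", file-delivery and pipe (autoresponder/ignore-bot) patterns from the post, and missing role addresses.

```python
"""Audit an aliases(5) map against the RFC 2142 role mailboxes.

Flags role addresses that are absent, routed to /dev/null ("bit-bucket"),
delivered to a file, or piped into a program (autoresponder / ignore-bot).
"""

# Role mailboxes named in RFC 2142 that an operator is expected to honour.
RFC2142_ROLE_MAILBOXES = ("abuse", "postmaster", "security", "noc",
                          "hostmaster", "webmaster")

# Constructed sample input; every host, path and command here is hypothetical.
SAMPLE_ALIASES = """\
# constructed example: /etc/aliases on a hypothetical mail host
postmaster:   root
abuse:        /dev/null
security:     "|/usr/local/bin/autoresponder --tell-them-to-use-web-form"
hostmaster:   dns-team
root:         ops@mail.example.com
"""


def parse_aliases(text):
    """Parse 'name: target, target' lines into {name: [targets]}.

    Comments and blank lines are skipped; surrounding quotes on a target
    (the usual way a pipe command is written) are removed.
    """
    aliases = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, rhs = line.partition(":")
        if not sep:
            continue
        targets = [t.strip().strip('"') for t in rhs.split(",")]
        aliases[name.strip().lower()] = [t for t in targets if t]
    return aliases


def resolve(aliases, name, _seen=None):
    """Follow local alias chains to their final delivery targets.

    Targets with an '@' or with no alias entry are treated as final. A seen
    set stops alias loops (a: b, b: a) from recursing forever.
    """
    _seen = set() if _seen is None else _seen
    if name in _seen:
        return []
    _seen.add(name)
    final = []
    for target in aliases.get(name, []):
        key = target.lower()
        if "@" not in key and key in aliases:
            final.extend(resolve(aliases, key, _seen))
        else:
            final.append(target)
    return final


def classify_target(target):
    """Label a final delivery target by how it is delivered."""
    if target == "/dev/null":
        return "bit-bucket"      # complaints silently discarded
    if target.startswith("|"):
        return "pipe"            # program: autoresponder or ignore-bot risk
    if target.startswith("/"):
        return "file"            # appended to a file nobody may read
    return "mailbox"             # a local user or remote address


def audit(aliases):
    """Return (role, problem, target) findings for each RFC 2142 mailbox."""
    findings = []
    for role in RFC2142_ROLE_MAILBOXES:
        if role not in aliases:
            findings.append((role, "missing", ""))
            continue
        for target in resolve(aliases, role):
            kind = classify_target(target)
            if kind != "mailbox":
                findings.append((role, kind, target))
    return findings


if __name__ == "__main__":
    for role, problem, target in audit(parse_aliases(SAMPLE_ALIASES)):
        print(f"{role}@: {problem} {target}".rstrip())
```

In the sample, postmaster@ and hostmaster@ resolve to real mailboxes and produce no finding, while abuse@ is reported as a bit-bucket, security@ as a pipe, and noc@ and webmaster@ as missing. Running the same audit against a real map only confirms routing; whether the receiving mailbox is exempt from quota limits and from the spam/virus filtering that would reject forwarded samples still has to be checked separately.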