nanog mailing list archives
Re: ISP phishing
From: Brad Knowles <brad () stop mail-abuse org>
Date: Tue, 28 Jun 2005 16:35:30 -0500
At 5:17 PM -0400 2005-06-28, Mark Tombaugh wrote:
On Thu, 2005-06-23 at 09:54 -0400, Robert Boyle wrote:we enabled a global rule which blocks any email from accounts such as billing, root, postmaster, antivirus, abuse, security, etc. which don't originate from our management IP space where our people work. As a result, we have stopped these phishing scams for our users dead in their tracks.You sound so sure about that... Am I missing something?
Yes. Any billing, root, postmaster, etc... messages that claim to be from his system have to be generated from their management IP space. You may be able to phish their customers by sending them bogus messages of this sort that claim to be from other sites or facilities, but you won't be able to phish his customers by sending them messages like this that claim to be from his system.
I applaud his move, and wish more groups did the same.I recently got hit by a wave of phishing attempts from my own ISP. Unfortunately, the ISP in question refuses to interact with their customers via any method but the web, although they do send out their own notices by e-mail. Of course, none of those accounts will accept bounces or e-mail replies, which is why they're rightfully on the rfc-ignorant black list, among many others.
Fortunately for me, all the phishing attempts were pretty stupid, and failed because they relied too much on Windows-specific attacks, Windows-specific MUAs, etc....
-- Brad Knowles, <brad () stop mail-abuse org> "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See <http://www.sage.org/> for more info.
Current thread:
- ISP phishing Gadi Evron (Jun 23)
- Re: ISP phishing Robert Boyle (Jun 23)
- Re: ISP phishing Gadi Evron (Jun 23)
- Re: ISP phishing Joel Jaeggli (Jun 23)
- Re: ISP phishing Gadi Evron (Jun 23)
- Re: ISP phishing Joel Jaeggli (Jun 23)
- Re: ISP phishing Valdis . Kletnieks (Jun 23)
- Re: ISP phishing Gadi Evron (Jun 23)
- Re: ISP phishing Robert Boyle (Jun 24)
- Re: ISP phishing Robert Boyle (Jun 23)
- Re: ISP phishing Mark Tombaugh (Jun 28)
- Re: ISP phishing Brad Knowles (Jun 28)
- Re: ISP phishing Paul Wouters (Jun 28)
- Re: ISP phishing Robert Boyle (Jun 28)
- Re: ISP phishing Brad Knowles (Jun 28)
- Re: ISP phishing Tony Finch (Jun 29)
- Re: ISP phishing Mike Leber (Jun 29)
- Re: ISP phishing Suresh Ramasubramanian (Jun 29)
- Re: ISP phishing Peter Corlett (Jun 29)
- Re: ISP phishing Brad Knowles (Jun 30)
- Re: ISP phishing william(at)elan.net (Jun 29)
- Re: ISP phishing Suresh Ramasubramanian (Jun 29)