You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by jdow <jd...@earthlink.net> on 2004/12/21 07:32:51 UTC
70_sare_spoof.cf vis a vis paypal
PayPal seems to have started using PostDirect for their email service.
So the PayPal spoof test is breaking, rather dramatically.
=============
Return-Path: <pa...@email.paypal.com>
X-Original-To: jdow@XXX
Delivered-To: jdow@XXX
Received: from localhost (XXX [127.0.0.1])
by XXX (Postfix) with ESMTP id BFC7524383
for <jd...@XXX>; Mon, 20 Dec 2004 20:17:32 -0800 (PST)
Status: U
Received: from smtp.earthlink.net [207.217.121.213]
by localhost with POP3 (fetchmail-6.2.5)
for jdow@XXX (single-drop); Mon, 20 Dec 2004 20:17:32 -0800 (PST)
Received: from firebird.postdirect.com ([206.165.246.85])
by tanager.mail.pas.earthlink.net (EarthLink SMTP Server) with ESMTP id
1cGBrH60f3NZFmQ0
for <jd...@earthlink.net>; Mon, 20 Dec 2004 20:16:25 -0800 (PST)
Received: from postdirect.com (tiburon.postdirect.com [192.168.24.142])
by firebird.postdirect.com (Postfix) with ESMTP id 116406489589D
for <jd...@earthlink.net>; Mon, 20 Dec 2004 20:16:24 -0800 (PST)
DATE: Mon, 20 Dec 2004 20:16:23 PST
From: PayPal <pa...@email.paypal.com>
Subject: Changes to Winning Buyer Notification Email
To: "Joanne Dow" <jd...@earthlink.net>
Reply-To: PayPal.67l4p98-r.h0@email.paypal.com
Errors-To: PayPal.67l4p98-r.h0@email.paypal.com
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Message-Id: <20...@firebird.postdirect.com>
===========
(XXX replaces my internal address.)
{^_^}
Re: 70_sare_spoof.cf vis a vis paypal
Posted by jdow <jd...@earthlink.net>.
From: "Kelson" <ke...@speed.net>
> jdow wrote:
> > PayPal seems to have started using PostDirect for their email service.
> > So the PayPal spoof test is breaking, rather dramatically.
>
> It looks like this has already been taken care of at PostDirect's end.
> Reverse DNS for 206.165.246.85 now resolves to email-85.paypal.com.
>
> Once the DNS change propagates, it should be fine.
>
> --
> Kelson Vibber
> SpeedGate Communications <www.speed.net>
I did send them a nasty gram, that turned nasty after trying to post
the message as a phish attempt to their website and having it rejected
as having illegal characters in it, about this state of affairs. When I
got their email acknowledge I pasted the message to a reply. I'm afraid
I was a little less than courteous and not at all forgiving about giving
such a financial phish a score over 100 and not being willing to CONSIDER
changing that.
(The emails come from a set of different addresses. This was the second
one they sent me via PhishDirect.)
{^_^}
Re: 70_sare_spoof.cf vis a vis paypal
Posted by Kelson <ke...@speed.net>.
jdow wrote:
> PayPal seems to have started using PostDirect for their email service.
> So the PayPal spoof test is breaking, rather dramatically.
It looks like this has already been taken care of at PostDirect's end.
Reverse DNS for 206.165.246.85 now resolves to email-85.paypal.com.
Once the DNS change propagates, it should be fine.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>