Internet and e-mail policy and practice
including Notes on Internet E-mail


2007
Months
Feb

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home :: Email

05 Feb 2007

Postini sends out Paypal phishes Email

Yes, that's what I said. And if you don't believe me, here it is, exactly as received except for snipping out a few locally added headers that identify the address they sent it to, an often scraped address that gets a mountain of spam.

If you look at the received headers, it came from exprod6ob55.obsmtp.com (64.18.1.190). The domain obsmtp.com is Postini, and 64.18.1.190 is in netblock 64.18.0.0/20 which is assigned to Postini. There is no question it came directly from them.

The source 66.123.63.227 is a Pacbell DSL line assigned to a patent law firm, presumably a Postini customer, that appears to have a zombie problem. But I am mostly wondering how a company which, the last I heard, claims to do spam filtering, sends out phishes so obvious that when I run them through spamassassin they score 17.0.

Return-Path: <admin@paypal.com>
Received: (qmail 16875 invoked from network); 5 Feb 2007 16:10:40 -0000
Received: from exprod6ob55.obsmtp.com (64.18.1.190)
  by mail2.iecc.com with SMTP; 5 Feb 2007 16:10:39 -0000
Received: from source ([66.123.63.227]) by exprod6ob55.postini.com
    ([64.18.5.12]) with SMTP;
    Mon, 05 Feb 2007 08:10:36 PST
Received: from User ([216.211.25.83]) by ntfs1.domain1.local with Microsoft
    SMTPSVC(6.0.3790.1830);
     Mon, 5 Feb 2007 08:09:30 -0800
From: "PayPal" <admin@paypal.com>
Subject: Please Verify Your Account !
Date: Mon, 5 Feb 2007 11:09:30 -0500
MIME-Version: 1.0
Content-Type: text/html;
    charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <NTFS15euwdUTaGmvSVM000023f0@ntfs1.domain1.local>
X-OriginalArrivalTime: 05 Feb 2007 16:09:31.0112 (UTC)
    FILETIME=[04D48680:01C74940]
Original-sender: admin@paypal.com
 
<IMG src="https://www.paypal.com/en_US/i/logo/paypal_logo.gif"
border=0></A>  <TABLE cellSpacing=0 cellPadding=0 width=600 align=center
border=0>
<TBODY>
<TR>
<TD colSpan=3><IMG height=2 src="pp.files/pixel.gif"
width=2></TD></TR></TBODY></TABLE>
<P><FONT size=2><FONT face=Verdana>Dear valued <STRONG><STRONG><SPAN
style="FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY:
Verdana">PayPal<SUP>®</SUP></SPAN></STRONG> </STRONG>member</FONT>
: <BR></FONT><BR></P>
<P><FONT face=Verdana size=2>It has come to our attention that your <SPAN
style="FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY:
Verdana"><STRONG>PayPal<SUP>®</SUP></STRONG></SPAN> account information
needs to be <BR>updated as part of our continuing commitment to protect your
account and to <BR>reduce the instance of fraud on our website. </FONT><FONT
face=Verdana size=2><FONT face=Verdana size=2> If you could please take 5-10
minutes <BR>out of your </FONT><FONT face=Verdana size=2>online </FONT><FONT
face=Verdana size=2>experience and update your personal records you will not
run into <BR>any future </FONT><FONT face=Verdana size=2>problems with the
online service.
</FONT></P>
<P><FONT face=Verdana size=2>However, failure to update your records will
result in account suspension. <BR>Please update your records on or
before <FONT color=red><STRONG>December 15,
2007</STRONG>.</FONT> <BR><BR>Once you have updated your account records,
your <SPAN style="FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY:
Verdana"><STRONG>PayPal<SUP>®</SUP></STRONG></SPAN> session will not
be <BR>interrupted and will continue as normal. </FONT></P>
<P><FONT face=Verdana size=2>To update your <SPAN style="FONT-SIZE: 10pt;
COLOR: black; FONT-FAMILY:
Verdana"><STRONG>PayPal<SUP>®</SUP></STRONG></SPAN> records click on the
following link: <BR></FONT><br><a target="_parent"
href="http://216.169.155.89/~bosco/start.html" target=_self><FONT
face=Verdana
size=2>http://www.paypal.com/cgi-bin/webscr?cmd=_login-run</FONT></A>
 
<P><FONT face=Verdana size=2></FONT> </P>
<P><FONT face=Verdana size=2>Thank You.  <BR><SPAN style="FONT-SIZE: 10pt;
COLOR: black; FONT-FAMILY: Verdana"><STRONG>PayPal<SUP>® </SUP><SPAN
style="FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: Verdana">UPDATE
</SPAN></STRONG><SPAN style="FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY:
Verdana"><STRONG>TEAM</STRONG></SPAN></SPAN>      </P>
<P><FONT face=Verdana size=2>Accounts Management As outlined in our User
Agreement, <SPAN style="FONT-SIZE: 10pt COLOR: black FONT-FAMILY:
Verdana"><STRONG>PayPal<SUP>®</SUP></STRONG></SPAN> will <BR>periodically
send you information about site changes and enhancements. </FONT></P>
<P><FONT face=Verdana size=2>Visit our Privacy Policy </FONT><FONT
face=Verdana size=2>and User Agreement if you have any
questions. <BR></FONT><a target="_parent"
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-
outside"><FONT face=Verdana
size=2>http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy
-outside</FONT></A></P>
<P> </P></FORM></FONT></FONT>

  posted at: 23:24 :: permanent link to this entry :: 19 comments
Stable link is https://jl.ly/Email/postini.html

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
Remembering JD Falk - 10 years later
220 days ago

A keen grasp of the obvious
New Hope for the Dead
462 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2020 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.