[LINK] eBay Security Advice

Scott Howard scott at doc.net.au
Thu Sep 27 23:33:00 AEST 2007


On Thu, Sep 27, 2007 at 03:09:25PM +0200, Kim Holburn wrote:
> Yeah I didn't notice that.  It may be a genuine ebay email.  I wish  
> they wouldn't send out crap like this that looks like phishing emails.

In this case I think we can be fairly sure that the chicken came before
the egg...

No matter what format ebay uses, phishers and spammers are going to
copy it.  You can't blame ebay for using the same format as the
spammers when the truth is obviously the other way around.


> >oh, and set your ebay preferences to send you plain text only, not
> >HTML-mail. that's another good way of auto-detecting ebay phishes -  

eBay phishes are one area where SPF will actually stop the vast majority
of them.  In general SPF isn't a great solution for phishing simply
because the phishers will use fake domain names (i.e., comm-bank.com
instead of commbank.com.au) but most eBay phishes do actually claim
to come from an eBay domain (ebay.com, ebay.com.au, etc) so SPF will
detect them.

The only catch is that for some unknown reason eBay only publishes
"soft-fail" SPF records, so you need to configure to treat them as a
fail...

  Scott
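
The local policy described in the message above, treating a published soft-fail as a hard fail for selected sender domains, as an added example that is not part of the original post. The SPF records, IP addresses and function names are constructed for illustration (they are not eBay's real DNS data), and only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed SPF records using documentation address ranges (NOT real DNS data).
SAMPLE_SPF = {
    "ebay.com": "v=spf1 ip4:192.0.2.0/24 ~all",
    "example.org": "v=spf1 ip4:198.51.100.0/24 ~all",
}
# Local receiver policy (assumption): domains whose softfail is upgraded to fail.
STRICT_DOMAINS = {"ebay.com", "ebay.com.au"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, sender_ip):
    """Evaluate ip4/ip6/all terms left to right and return the SPF result."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed network in the record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # a, mx, include, etc. need DNS lookups and are skipped in this sketch
    return "neutral"


def local_verdict(mail_from_domain, sender_ip):
    """Apply the receiver's policy on top of the published SPF result."""
    domain = mail_from_domain.lower().rstrip(".")
    record = SAMPLE_SPF.get(domain)
    if record is None:
        return "none"  # e.g. a lookalike domain: SPF says nothing about it
    result = evaluate_spf(record, sender_ip)
    if result == "softfail" and domain in STRICT_DOMAINS:
        return "fail"  # the "~all" of a strict domain is treated as "-all"
    return result
```
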


