MailScanner: August 2005 Archives

Some time ago I wrote about setting up a local mirror for a DNS blacklist using RBLDNSD and Bind. Although that works fine and definitely gives a speed up to servers on the network I'd really like to know what is happening ie. how many queries.

I've mentioned phishing fraud in the past. Most of it is quite well done and almost looks genuine I got one today that was really badly executed The first sign of it being fraudelent was the "from" part. Instead of saying "paypal" or "PayPal" they used "PaYpal", which is incorrect capitalisation. A company the size of Paypal is unlikely to make that kind of mistake The other signal was from MailScanner which had spotted that the link to paypal.com was actually to an IP address.