Phishing domain?

David H. Lipman · Feb 29, 2008

From: "Tim Slattery" <[email protected]>

||
| Not a thing, I use it on my Vista system and my wife's XP SP2 system.
| Very full featured, including a Bayesian SPAM filter. And the price is
| definitely right: free!
|
| www.pmail.com
|

Yes, it is free. However we all suggest a donation to David Harris, New Zealand. David was
going to drop the software for a lack of $$. The outcry was tremendous and David decided to
maintain it. To keep this software maintained and updated, a donation is suggested.

Two newsgroups exist that are specifically targeted at Pegasus Mail - they are
comp.mail.pegasus-mail.misc and comp.mail.pegasus-mail.ms-windows.

DanS · Mar 1, 2008

It happened to me at least three times. I
fished out of my junk mail older ostensibly junk emails that came from
very important but unusual sources.

So basically what you are saying is that MS Mail can't be trusted because
it deletes inportant non-spam mail.

Or is it your hypocritical streak showing again.....

Don't use any third party e-mail application because it may delete e-mails
it shouldn't, so stick with MS Mail because it will delete messages it
shouldn't have also, but that's OK since it's from MS.

David H. Lipman · Mar 1, 2008

From: "DanS" <[email protected]>

| ||
| So basically what you are saying is that MS Mail can't be trusted because
| it deletes inportant non-spam mail.
|
| Or is it your hypocritical streak showing again.....
|
| Don't use any third party e-mail application because it may delete e-mails
| it shouldn't, so stick with MS Mail because it will delete messages it
| shouldn't have also, but that's OK since it's from MS.
|

Quite a paradox :-)

DanS · Mar 1, 2008

From: "DanS" <[email protected]>

| |
|
| So basically what you are saying is that MS Mail can't be trusted
| because it deletes inportant non-spam mail.
|
| Or is it your hypocritical streak showing again.....
|
| Don't use any third party e-mail application because it may delete
| e-mails it shouldn't, so stick with MS Mail because it will delete
| messages it shouldn't have also, but that's OK since it's from MS.
|

Quite a paradox

Yes it is, for some. But for others, well, *some* people can think for
themselves.

Al-Alex on the other hand.......well.......I don't think I need to say
anything. His own words speak loudly enough.

Jay · Mar 1, 2008

DanS said:
Yes it is, for some. But for others, well, *some* people can think for
themselves.

Al-Alex on the other hand.......well.......I don't think I need to say
anything. His own words speak loudly enough.

Still interested to know if anyone knows the answer to my question.
What constitutes a phishing threat in WM?
To my knowledge, phishing is the act of pretending to represent a domain in
the hope that the user will visit a different domain and give their personal
details.
This email did not in any way, shape or form.
It wasn't marked as spam/junk/virus. It clearly stated that the email was a
potential phishing threat and that it was blocking it.
This happens every time this person sends me a mail (but never when sent to
my work (Outlook) address. He is quite concerned why this would happen.
Neither of us can figure why.

David H. Lipman · Mar 1, 2008

From: "Jay" <[email protected]>

|
| Still interested to know if anyone knows the answer to my question.
| What constitutes a phishing threat in WM?
| To my knowledge, phishing is the act of pretending to represent a domain in
| the hope that the user will visit a different domain and give their personal
| details.
| This email did not in any way, shape or form.
| It wasn't marked as spam/junk/virus. It clearly stated that the email was a
| potential phishing threat and that it was blocking it.
| This happens every time this person sends me a mail (but never when sent to
| my work (Outlook) address. He is quite concerned why this would happen.
| Neither of us can figure why.

Often it is a URL string that is used to label an actual URL.

For example. The label of the URL is; http://www.citibank.com but the actual URL is http://www.citibank.254.com.
Software may then identify this as phishing.

This is one of the many reasons corporations are now pushing Group Policies disabling Rich
Text Formatting/HTML email in MS Outlook in conjunction with their Exchange Server and only
allowing clear text email.

Jay · Mar 1, 2008

David H. Lipman said:
From: "Jay" <[email protected]>

|
| Still interested to know if anyone knows the answer to my question.
| What constitutes a phishing threat in WM?
| To my knowledge, phishing is the act of pretending to represent a domain
in
| the hope that the user will visit a different domain and give their
personal
| details.
| This email did not in any way, shape or form.
| It wasn't marked as spam/junk/virus. It clearly stated that the email
was a
| potential phishing threat and that it was blocking it.
| This happens every time this person sends me a mail (but never when sent
to
| my work (Outlook) address. He is quite concerned why this would happen.
| Neither of us can figure why.

Often it is a URL string that is used to label an actual URL.

For example. The label of the URL is; http://www.citibank.com but the
actual URL is http://www.citibank.254.com.
Software may then identify this as phishing.

This is one of the many reasons corporations are now pushing Group
Policies disabling Rich
Text Formatting/HTML email in MS Outlook in conjunction with their
Exchange Server and only
allowing clear text email.

Thanks David, that's exactly what I meant when I said one domain pretending
to be another.
As in your example citibank is a host name in the domain 254.com.
My email is set to read text so I see both the label and the actual URL and
both are identical. I look at the headers and they are all kosher too.
Perhaps their domain got on some sort of phishing blacklist somewhere?

David H. Lipman · Mar 1, 2008

From: "Jay" <[email protected]>

| Thanks David, that's exactly what I meant when I said one domain pretending
| to be another.
| As in your example citibank is a host name in the domain 254.com.
| My email is set to read text so I see both the label and the actual URL and
| both are identical. I look at the headers and they are all kosher too.
| Perhaps their domain got on some sort of phishing blacklist somewhere?

Perhaps. I really don't know.