NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
 ·Pacific Bell - SBC
| reply to kdeuser
Re: Phishing E-Mail
You should have bracketed those headers with a pair of "code" tags. That would have avoided the margin blow out.
The source of this email is some Hotmail account.
Bellsouth has long blocked outbound port 25, as has AT&T (Worldnet Service). SBC joined the list of ISPs blocking outbound port 25 in the Spring of 2005. So that covers the mergers bringing us to the current AT&T (all of which blocks outbound port 2). Many other ISPs block outbound port 25, or are moving toward such blocks. The result is that spammers are finding it harder to use compromised residential hosts to connect directly to domain gateway (MX) servers to inject spam into those systems.
In addition, more ISPs are setting up authenticated SMTP message submission servers in order to allow their users to access those servers from wireless hotspots, hotels, libraries, and the like. So spammers have found that it is worth the effort to use social engineering to "phish" for email login credentials (as your example demonstrates). The hapless user who complies with this bogus demand gives up his account access to a spammer, who can now send spam through the authenticated SMTP message submission server.
I have actually seen a couple of examples, where the spammer used a compromised Comcast account to send spam using stolen ATTIS email accounts. This resulted in the ATTIS SMTP servers being listed for spam, incidentally.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
