[Dshield] E-mail verification request from pgp.com?
jim.mccullough at gmail.com
Mon Oct 3 00:32:41 GMT 2005
I have a contact with PGP Corp, Japan. I will ask him about this and see if
he might can provide if it is valid from PGP.
On 10/2/05, Laurent Saplairoles <lsaplai at telus.net> wrote:
> Hi all
> I have just received what looks like a suspicious e-mail to me and need to
> know your opinion about it. Being a user of PGP, I have received and
> from pgp.com <http://pgp.com> asking to verify my e-mail address by
> clicking on a link that
> leads to: https://keyserver2.pgp.com
> The received header are:
> Received: from keyserver2.pgp.com <http://keyserver2.pgp.com> [
> 22.214.171.124 <http://126.96.36.199>] by megassistance.com<http://megassistance.com>with
> (SMTPD-8.21) id A93404E8; Sat, 01 Oct 2005 01:30:44 -0700
> Received: from keyserver2.pgp.com <http://keyserver2.pgp.com> (
> localhost.localdomain [127.0.0.1 <http://127.0.0.1>])
> by keyserver2.pgp.com <http://keyserver2.pgp.com> (PGP Universal) with
> ESMTP id EFDF3154D08
> for <lsaplai at megassistance.com>; Sat, 1 Oct 2005 01:30:49 -0700 (PDT)
> Received: from keyserver2.pgp.com <http://keyserver2.pgp.com> ([127.0.0.1<http://127.0.0.1>
> by keyserver2.pgp.com <http://keyserver2.pgp.com> (PGP Universal service);
> Sat, 01 Oct 2005 01:30:49 -0700
> and from a structural point of view this message looks legit (DN matches
> IP...). Nevertheless, it is very suspicious: I do not expect to receive
> kind of message from eBay or my bank. Why would PGP, which is supposed to
> attest of my "identity" use what looks pretty much a phishing technique?
> Should I worry? The message was caught as spam by popfile? Should I
> as legit?
> Thanks in advance for your input.
> Using .Net? Need to know more about .Net Security?
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
More information about the list