[Dshield] E-mail verification request from pgp.com?

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Mon Oct 3 03:08:58 GMT 2005


On Sun, 02 Oct 2005 15:19:02 PDT, Laurent Saplairoles said:

> and from a structural point of view this message looks legit (DN matches 
> IP...). Nevertheless, it is very suspicious: I do not expect to receive this 
> kind of message from eBay or my bank. Why would PGP, which is supposed to 
> attest of my "identity" use what looks pretty much a phishing technique?

I got one of these as well, the headers look legit, and the URLs go to the
right place, and they don't collect any actual personal info.  As far as I
can tell, they're just burping the public keyserver database to get rid of
old and bogus entries - the only info they're getting is "the e-mail address
the key points at is still valid and somebody validated they still want to be
listed in the public keyservers".
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20051002/ed1a6652/attachment.bin


More information about the list mailing list