[Dshield] E-mail verification request from pgp.com?
palmer at telus.net
Mon Oct 3 12:39:28 GMT 2005
Very good example of what we are seeing more of lately. How to verify the
integrity of email header info, there are often so many lies in there! I
hope some ISP's are listening and they realize they must shoulder the
responsibility to verify traffic before passing it to ordinary users like
me! Meanwhile, as we wait for ISP action, a little paranoia is a good
----- Original Message -----
From: "Laurent Saplairoles" <lsaplai at telus.net>
To: "General DShield Discussion List" <list at lists.dshield.org>
Sent: Sunday, October 02, 2005 3:19 PM
Subject: [Dshield] E-mail verification request from pgp.com?
> Hi all
> I have just received what looks like a suspicious e-mail to me and need to
> know your opinion about it. Being a user of PGP, I have received and
> from pgp.com asking to verify my e-mail address by clicking on a link that
> leads to: https://keyserver2.pgp.com
> The received header are:
> Received: from keyserver2.pgp.com [184.108.40.206] by megassistance.com
> (SMTPD-8.21) id A93404E8; Sat, 01 Oct 2005 01:30:44 -0700
> Received: from keyserver2.pgp.com (localhost.localdomain [127.0.0.1])
> by keyserver2.pgp.com (PGP Universal) with ESMTP id EFDF3154D08
> for <lsaplai at megassistance.com>; Sat, 1 Oct 2005 01:30:49 -0700 (PDT)
> Received: from keyserver2.pgp.com ([127.0.0.1])
> by keyserver2.pgp.com (PGP Universal service);
> Sat, 01 Oct 2005 01:30:49 -0700
> and from a structural point of view this message looks legit (DN matches
> IP...). Nevertheless, it is very suspicious: I do not expect to receive
> kind of message from eBay or my bank. Why would PGP, which is supposed to
> attest of my "identity" use what looks pretty much a phishing technique?
> Should I worry? The message was caught as spam by popfile? Should I
> as legit?
> Thanks in advance for your input.
More information about the list