[Dshield] E-mail verification request from pgp.com?

Don Jackson dwjackson at bcbsal.org
Mon Oct 3 14:04:30 GMT 2005


PGP Corp has been doing this since about the time 9.0 was released.
It's supposed to be a way to verify email addresses and keep
"bogus" keys out of theor key server.

All requests to verify my keys were legitimate; however, I'm not
saying the ones you received are.

Admittedly, including a  link in the email is not the way any company
wants to operate in today's environment.

I would have preferred "Please visit PGP, log in, and verify your keys
using code XYZ."

>>> palmer at telus.net 10/3/2005 7:39 AM >>>
Very good example of what we are seeing more of lately.  How to verify the 
integrity of email header info, there are often so many lies in there!  I 
hope some ISP's are listening and they realize they must shoulder the 
responsibility to verify traffic before passing it to ordinary users like 
me!  Meanwhile, as we wait for ISP action, a little paranoia is a good 
thing.

----- Original Message ----- 
From: "Laurent Saplairoles" <lsaplai at telus.net>
To: "General DShield Discussion List" <list at lists.dshield.org>
Sent: Sunday, October 02, 2005 3:19 PM
Subject: [Dshield] E-mail verification request from pgp.com?


> Hi all
>
> I have just received what looks like a suspicious e-mail to me and need to
> know your opinion about it. Being a user of PGP, I have received and 
> e-mail
> from pgp.com asking to verify my e-mail address by clicking on a link that
> leads to: https://keyserver2.pgp.com 
>
> The received header are:
> Received: from keyserver2.pgp.com [63.251.255.31] by megassistance.com 
> with
> ESMTP
>  (SMTPD-8.21) id A93404E8; Sat, 01 Oct 2005 01:30:44 -0700
> Received: from keyserver2.pgp.com (localhost.localdomain [127.0.0.1])
> by keyserver2.pgp.com (PGP Universal) with ESMTP id EFDF3154D08
> for <lsaplai at megassistance.com>; Sat,  1 Oct 2005 01:30:49 -0700 (PDT)
> Received: from keyserver2.pgp.com ([127.0.0.1])
>  by keyserver2.pgp.com (PGP Universal service);
>  Sat, 01 Oct 2005 01:30:49 -0700
>
> and from a structural point of view this message looks legit (DN matches
> IP...). Nevertheless, it is very suspicious: I do not expect to receive 
> this
> kind of message from eBay or my bank. Why would PGP, which is supposed to
> attest of my "identity" use what looks pretty much a phishing technique?
>
> Should I worry? The message was caught as spam by popfile? Should I 
> reclassify
> as legit?
>
> Thanks in advance for your input.
>
> Cheers!
>
> -- 
> Laurent
>
> 

_________________________________________
Using .Net? Need to know more about .Net Security?
http://isc.sans.org/banner_count.php?dest=dotnet 

_______________________________________________
send all posts to list at lists.dshield.org 
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list 



*** *** *** *** *** *** *** *** *** ***
  CONFIDENTIALITY NOTICE  
This e-mail is intended for the sole use of the individual(s) to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law.  You are hereby notified that any dissemination, duplication, or distribution of this transmission by someone other than the intended addressee or its designated agent is strictly prohibited.  If you receive this e-mail in error, please notify me immediately by replying to this e-mail.
*** *** *** *** *** *** *** *** *** ***



More information about the list mailing list