ietf-dkim

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

2010-06-02 16:12:46

On Jun 2, 2010, at 12:28 PM, Brett McDowell wrote:


On Jun 2, 2010, at 2:41 PM, Steve Atkins wrote:


Second...

  steve$ host -t txt _adsp._domainkey.paypal.net    
  _adsp._domainkey.paypal.net has no TXT record
  steve$ host -t txt paypal.net
  paypal.net has no TXT record

... I wasn't going to mention it, but you brought it up. The MX for 
paypal.net will also give a 2xx response to any RCPT TO in the paypal.net 
domain.

...and I wasn't going to mention that I tried to work with you off-list to 
get more information about your phish from paypal.net but you didn't respond. 
  If you get a chance, please do send that along.

I did[1].

It looks like your mailsystem is discarding email it shouldn't. There's a copy 
at http://tupid.org/paypal1.txt if you can't find it.

It seems that paypal is not currently monitoring phishing, nor doing anything 
to deter it, on 99.9% of the domains they own, so have no real idea of what 
phishing is going on. 

Pointing those thousand domains at a catch-all mailserver with a wildcard MX 
and looking for bounces and spamfilter rejections might be a good way of 
getting metrics about how phishers respond to domains being owned by paypal 
over time. Those same metrics after adding SPF and ADSP records for those 
domains over time would be interesting. 
http://blog.wordtothewise.com/2010/05/how-to-disable-a-domain/ has some 
examples of how to set those up.

That's the sort of data gathering I was suggesting you do, rather than just a 
bald count of DNS queries, when I looked at the numbers for my mailbox. 
(There's a copy of my raw data at http://tupid.org/paypal1.sql.txt if anyone is 
interested in running their own model against it.)

(I'm not going to respond to the other misunderstandings unless someone really 
wants me to. I'm guessing most people are long past tl;dr at this point.)

Cheers,
  Steve

[1] May 28 13:54:47 fruitbat postfix/smtp[31990]: DA551814E6: 
to=<bmcdowell(_at_)paypal(_dot_)com>, relay=gort.ebay.com[216.113.167.215]:25, 
delay=0.74, delays=0.17/0/0.45/0.11, dsn=2.0.0, status=sent (250 ok:  Message 
769193797 accepted)
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
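
An added example (not part of the original message or of the linked blog post): a small audit of the two lookups discussed above, the domain's own TXT record and its _adsp._domainkey TXT record, run over a list of domains. The example.* names and record values are constructed stand-ins for `host -t txt` answers, and treating `-all` and `dkim=discardable` as the strict settings for a domain that sends no mail is this example's assumption.

```python
# Constructed TXT data standing in for `host -t txt <name>` answers; the
# example.* names and record values are illustrative assumptions.
ZONE = {
    "parked.example": ["v=spf1 -all"],
    "_adsp._domainkey.parked.example": ["dkim=discardable"],
    "loose.example": ["v=spf1 include:_spf.example.net ~all"],
    "_adsp._domainkey.loose.example": ["dkim=unknown"],
    # bare.example publishes nothing, like the lookups quoted in the thread
}

def spf_policy(txts):
    """Return the SPF 'all' qualifier (-, ~, ?, +) or None if no usable record."""
    records = [t for t in txts if t.lower().split(" ")[0] == "v=spf1"]
    if len(records) != 1:          # zero or several SPF records: no usable policy
        return None
    for term in records[0].split()[1:]:
        if term.lower().lstrip("+-~?") == "all":
            return term[0] if term[0] in "+-~?" else "+"
    return None                    # no 'all' mechanism, so nothing is rejected

def adsp_practice(txts):
    """Return the ADSP dkim= value (unknown, all, discardable) or None."""
    for txt in txts:
        tags = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
        tags = {k.strip().lower(): v.strip().lower() for k, v in tags.items()}
        if tags.get("dkim") in ("unknown", "all", "discardable"):
            return tags["dkim"]
    return None

def audit(domain, zone=ZONE):
    """List what a receiver would find missing for a domain that sends no mail."""
    gaps = []
    spf = spf_policy(zone.get(domain, []))
    if spf is None:
        gaps.append("no SPF record")
    elif spf != "-":
        gaps.append(f"SPF ends in {spf}all, not -all")
    adsp = adsp_practice(zone.get(f"_adsp._domainkey.{domain}", []))
    if adsp is None:
        gaps.append("no ADSP record")
    elif adsp != "discardable":
        gaps.append(f"ADSP dkim={adsp}, not discardable")
    return gaps

if __name__ == "__main__":
    for name in ("parked.example", "loose.example", "bare.example"):
        print(name, audit(name) or "locked down")
```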
