Last weekend a phishing attack took place against US Bank. The phisher
spoofed and connected with the appropriate IP for US Bank,
170.135.72.63. How would SPF or Sender ID have managed to catch that
attack?
You mean this thing? A client of mine had a few of these and they didn't
originate from 170.whatever.
--
PGP key (0x0AFA039E):
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
Sometimes it's hard to tell where the game ends and where reality bites,
er, begins. <http://vmyths.com/resource.cfm?id=50&page=1>
Received: from mail75.messagelabs.com ([216.82.255.83]) by [deleted] with
 Microsoft SMTPSVC(5.0.2195.6713);
 Fri, 30 Jul 2004 18:55:37 -0500
X-VirusChecked: Checked
X-Env-Sender: 800USBanks(_at_)usbank-email(_dot_)com
X-Msg-Ref: server-11.tower-75.messagelabs.com!1091231734!3639048
X-StarScan-Version: 5.2.10; banners=-,-,-
X-Originating-IP: [68.112.226.25]
X-SpamInfo: spam detected heuristically
X-Spam-Flag: YES
X-SpamOriginallyTo: [deleted]
X-SpamReason: Yes, hits=50.0 required=7.0 tests=Double IP in prior
 Received
Received: (qmail 21202 invoked from network); 30 Jul 2004 23:55:35 -0000
Received: from cpe-68-112-226-25.ma.charter.com (68.112.226.25)
 by server-11.tower-75.messagelabs.com with SMTP; 30 Jul 2004 23:55:35 -0000
Received: from 143.6.51.232 by 68.112.226.25; Fri, 30 Jul 2004 22:48:32 -0200
Message-ID: <WUKTKEUICHKEDZRFMIHJ(_at_)yahoo(_dot_)com>
From: "U.S. Bank" <800USBanks(_at_)usbank-email(_dot_)com>
Reply-To: "U.S. Bank" <800USBanks(_at_)usbank-email(_dot_)com>
To: [deleted]
Subject: New U.S. Bank Security Standards
Date: Sat, 31 Jul 2004 03:53:32 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--40920341319358678064"
X-Priority: 1
X-IP: 248.174.232.74
Return-Path: 800USBanks(_at_)usbank-email(_dot_)com
X-OriginalArrivalTime: 30 Jul 2004 23:55:37.0494 (UTC)
 FILETIME=[B60DC360:01C47690]
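
Added example (not part of the original message): SPF evaluates the envelope sender's domain against the IP that connected to the receiving relay, so the Python below pulls that pair out of the headers pasted above and compares the IP with the address named in the question. Treating messagelabs.com as the trusted relay is an assumption, and the function names are illustrative.

```python
import re
from email import message_from_string

# Relevant headers copied from the message above (archive address munging kept).
RAW = """\
Received: from mail75.messagelabs.com ([216.82.255.83]) by [deleted] with
 Microsoft SMTPSVC(5.0.2195.6713);
 Fri, 30 Jul 2004 18:55:37 -0500
X-Env-Sender: 800USBanks(_at_)usbank-email(_dot_)com
X-Originating-IP: [68.112.226.25]
Received: (qmail 21202 invoked from network); 30 Jul 2004 23:55:35 -0000
Received: from cpe-68-112-226-25.ma.charter.com (68.112.226.25)
 by server-11.tower-75.messagelabs.com with SMTP; 30 Jul 2004 23:55:35 -0000
Received: from 143.6.51.232 by 68.112.226.25; Fri, 30 Jul 2004 22:48:32 -0200
Return-Path: 800USBanks(_at_)usbank-email(_dot_)com
"""

CLAIMED_IP = "170.135.72.63"       # address named in the quoted question
TRUSTED_RELAY = "messagelabs.com"  # assumption: the recipient's filtering relay
HOP = re.compile(r"from \S+ \(\[?([\d.]+)\]?\) by (\S+)")

def unmunge(addr):
    return addr.replace("(_at_)", "@").replace("(_dot_)", ".")

def spf_inputs(raw, trusted=TRUSTED_RELAY):
    """Return (connecting_ip, envelope_domain): the pair an SPF check evaluates."""
    msg = message_from_string(raw)
    ip = None
    for hop in msg.get_all("Received", []):      # newest hop first
        m = HOP.search(" ".join(hop.split()))    # unfold continuation lines
        # Only a hop written by the trusted relay is believable; anything
        # below it was supplied by the sending host and may be forged.
        if m and m.group(2).lower().endswith(trusted):
            ip = m.group(1)
            break
    sender = unmunge(msg.get("Return-Path") or msg.get("X-Env-Sender") or "")
    return ip, sender.strip("<> ").rpartition("@")[2].lower()

def report(raw):
    ip, domain = spf_inputs(raw)
    xoip = (message_from_string(raw).get("X-Originating-IP") or "").strip("[] ")
    return {"spf_ip": ip, "spf_domain": domain,
            "matches_x_originating_ip": ip == xoip,
            "is_claimed_bank_ip": ip == CLAIMED_IP}

if __name__ == "__main__":
    print(report(RAW))
```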