So-called ‘phish’ received

Weaver:
I received a weird email, supposedly from accounts@dynadot.com. They are a domain registrar, and I do currently use them. The email was from the correct server, looking into the headers. It had info in it that was related to some of my domains but said that they had already expired, when in fact there is a year left, so the info was partly incorrect so it could have come from some dodgy third party who had been looking at whois. The email system’s anti-spam system gave it a large spam score because it claimed that this was a phish (3 points for something I forget relating to a phishing-related characteristic idiom) but try as I might I could not see it. I can’t see anything wrong with the email raw text, and there is a url in it but it just points to the dynadot website and is nothing dodgy, so no attempt to mislead with a tricky url and take me to another site.

Has anyone else had emails that have been marked as a phish for no reason?

The fact remains that the email text is just factually wrong. But there is nothing to gain by it. The only other thing I can think of is that it is a straight bug in dynadot’s systems and they are sending out emails at the wrong time, because the quoted domains’ expiry dates were exactly a year too early, as if based on old info, or else it’s an out-by-one bug in some code. The email source IP is correct though. And nothing explains why it was thought to be a phish.

Could it be that some user mistakenly reported a genuine message as a phish and thus polluted the system, maligning dynadot? I could of course send them the email and ask them what they make of it. But the mystery remains.

Perhaps I have just overlooked something in the raw text, especially in the headers, but it is not an enormously complicated example.

burakkucat:

--- Quote from: Weaver on October 30, 2018, 08:01:00 PM ---Could it be that some user mistakenly reported a genuine message as a phish and thus polluted the system, maligning dynadot?

--- End quote ---

If that was the case, it would have to be somebody who uses a scanning utility that accesses the same back-end database as is used for scanning your incoming mail.


--- Quote ---I could of course send them the email and ask them what they make of it.

--- End quote ---

That would be my course of action.

Weaver:
Concerning the idea about the incorrect reporting of it as a phish, maybe my mail system gets data about evildoers from some external source that ultimately gets data from some system that has users contributing reports to it. Could that be the case?

burakkucat:

--- Quote from: Weaver on October 31, 2018, 12:46:01 AM ---Concerning the idea about the incorrect reporting of it as a phish, maybe my mail system gets data about evildoers from some external source that ultimately gets data from some system that has users contributing reports to it. Could that be the case?

--- End quote ---

Yes, I think you have described what I was attempting to express, earlier.
