Kitz ADSL Broadband Information
Author Topic: So-called ‘phish’ received  (Read 2902 times)

Weaver

  • Senior Kitizen
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
So-called ‘phish’ received
« on: October 30, 2018, 08:01:00 PM »

I received a weird email, supposedly from accounts@dynadot.com. They are a domain registrar, and I do currently use them. The email was from the correct server, looking into the headers. It had info in it that was related to some of my domains but said that they had already expired, when in fact there is a year left, so the info was partly incorrect so it could have come from some dodgy third party who had been looking at whois. The email system’s anti-spam system gave it a large spam score because it claimed that this was a phish (3 points for something I forget relating to a phishing-related characteristic idiom) but try as I might I could not see it. I can’t see anything wrong with the email raw text, and there is a url in it but it just points to the dynamite website and is nothing dodgy, so no attempt to mislead with a tricky url and take me to another site.

Has anyone else had emails that have been marked as a phish for no reason?

The fact remains that the email text is just factually wrong. But there is nothing to gain by it. The only other thing I can think of is that it is a straight bug in dynadot’s systems and they are sending out emails at the wrong time, because the quoted domains’ expiry dates were exactly a year too early, as if based on old info, or else it’s an out-by-one bug in some code. The email source IP is correct though. And nothing explains why it was thought to be a phish.

Could it be that some user mistakenly reported a genuine message as a phish and thus polluted the system, maligning dynadot? I could of course send them the email and ask them what they make of it. But the mystery remains.

Perhaps I have just overlooked something in the raw text, especially in the headers, but it is not an enormously complicated example.

burakkucat

  • Respected
  • Senior Kitizen
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: So-called ‘phish’ received
« Reply #1 on: October 30, 2018, 09:11:49 PM »

Quote
Could it be that some user mistakenly reported a genuine message as a phish and thus polluted the system, maligning dynadot?

If that was the case, it would have to be somebody who uses a scanning utility that accesses the same back-end database as is used for scanning your incoming mail.

Quote
I could of course send them the email and ask them what they make of it.

That would be my course of action.
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.


Weaver

  • Senior Kitizen
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: So-called ‘phish’ received
« Reply #2 on: October 31, 2018, 12:46:01 AM »

Concerning the idea about the incorrect reporting of it as a phish, maybe my mail system gets data about evildoers from some external source that ultimately gets data from some system that has users contributing reports to it. Could that be the case?

burakkucat

  • Respected
  • Senior Kitizen
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: So-called ‘phish’ received
« Reply #3 on: October 31, 2018, 01:08:26 AM »

Quote
Concerning the idea about the incorrect reporting of it as a phish, maybe my mail system gets data about evildoers from some external source that ultimately gets data from some system that has users contributing reports to it. Could that be the case?

Yes, I think you have described what I was attempting to express, earlier.