mip: mail fraud? Anybody seen this?
MailScanner at ecs.soton.ac.uk
Tue Nov 11 17:21:36 GMT 2008
If anyone else can tell me what mip: is, I'll think about adding it to
the phishing net so it gets ignored as a URL.
On 11/11/08 16:42, Jeff A. Earickson wrote:
> First, I hope that you and your various internal organs are doing
> reasonably well.
> I got pinged by a user today who asked "why did this copied
> reply get munged up by MailScanner?"
>> From: <MailScanner has detected a possible fraud attempt from "mip:"
>> claiming to be xxx at aol.com <mip://firstname.lastname@example.org> >
>> Date: Tue, 11 Nov 2008 08:14:40 EST
>> To: <MailScanner has detected a possible fraud attempt from "mip:"
>> to be yyy at upanewtonma.org <mip://email@example.com>
> and so on for all of the other email addresses in the quoted reply.
> I would guess that the mip: construct is something that an AOL MTA
> or mail client added. I googled for it and found zilch. Anybody
> else seen this?
> BTW: running MS 4.72.5-1 on Solaris 10.
> Jeff Earickson
> Colby College
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner