mip: mail fraud? Anybody seen this?

Julian Field MailScanner at ecs.soton.ac.uk
Tue Nov 11 17:21:36 GMT 2008


If anyone else can tell me what mip: is, I'll think about adding it to 
the phishing net so it gets ignored as a URL.

On 11/11/08 16:42, Jeff A. Earickson wrote:
> Julian,
>
> First, I hope that you and your various internal organs are doing 
> reasonably well.
>
> I got pinged by a user today who asked "why did this copied
> reply get munged up by MailScanner?"
>
>> From: <MailScanner has detected a possible fraud attempt from "mip:"
>> claiming to be xxx at aol.com <mip://0b04f618/xxx@aol.com> >
>> Date: Tue, 11 Nov 2008 08:14:40 EST
>> To: <MailScanner has detected a possible fraud attempt from "mip:" 
>> claiming
>> to be yyy at upanewtonma.org <mip://0b04f618/yyy@upanewtonma.org>
>
> and so on for all of the other email addresses in the quoted reply.
> I would guess that the mip: construct is something that an AOL MTA
> or mail client added.  I googled for it and found zilch.  Anybody
> else seen this?
>
> BTW: running MS 4.72.5-1 on Solaris 10.
>
> Jeff Earickson
> Colby College
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list