survey.medallia.com in phishing.bad.sites.conf?

Paul A Sand pas at unh.edu
Tue May 31 19:44:44 UTC 2016


* Peter Farrow <peter at farrows.org> [2016-05-31 15:21]:
> Also, make no mistake here, it is not an "alleged phish", it was a real phish.
> 
> I would deem this company by its inaction to be a risk, and therefore warrants
> the listing.

We can agree to disagree on that. Erring on the side of caution is
understandable. The trade-off is recipients getting that "definite fraud"
hit-the-panic-button MailScanner notice on messages that aren't fraud
at all. I don't think that's accurately communicating "risk".

And, perhaps you're seeing something I'm not:

> > > http://www.phishtank.com/asn_search.php?asn=30109&valid=All&active=All&Search=Search

Following the links therein, all I can find is a notice that the survey
(allegedly from eBay) has expired, which doesn't seem to be suspicious
by itself.  Maybe it was obvious phishing back in December, but I don't
know that. (The phishtank "vote" on whether it was phishing or not
was only 78%-22% positive, not exactly a slam dunk.)

-- 
-- Paul A Sand <pas at unh.edu>
-- Information Technology / University of New Hampshire
-- http://pubpages.unh.edu/~pas
-- Made from 100% recycled electrons.


More information about the MailScanner mailing list