House o' Shame: Amtrak

John Levine johnl at iecc.com
Fri Feb 15 16:15:34 EST 2008


>  http://amtrak.bfi0.com/.....

>Lesson for phishers: If you want your phish to seem more legit, outsource it
>to Bigfoot Interactive, which seems to lead back to Epsilon Agency Services,
>who specialise in... well, phishing, but for the good guys.  I bet the Russian
>Business Network could do it for less though :-).

Having dealt at length with people from BFI/Epsilon, I can confirm that
many of them are not the sharpest needles in the etui.

This problem is well known in the ESP (bulk mail for hire) industry,
and the better ones know how to deal with it.  If you are on Orbitz'
mailing list, for example, the mail comes from orbitz at my.orbitz.com,
and the links in the mail all go to http://my.orbitz.com/whatever.  Do
a few DNS lookups and you'll find NS records from Orbitz that delegate
my.orbitz.com to Responsys, their ESP.  This is a straightforward and
effective way to manage the namespace for outsourced mail, and my
biggest question is why so many ESPs don't do it yet.

R's,
John
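
Added example, not part of the message above: a small Python check that a bulk mail's sender and every link host stay inside the brand's own DNS zone, which is what delegating my.orbitz.com to the ESP achieves and what a link to amtrak.bfi0.com does not. The two sample messages are constructed; the Amtrak From address and URL path are assumptions, and the brand zone is supplied by the caller rather than derived.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def in_zone(host, zone):
    """True if host is the zone itself or a subdomain of it (whole-label match)."""
    host, zone = host.lower().rstrip("."), zone.lower().rstrip(".")
    return host == zone or host.endswith("." + zone)

def audit_message(raw, brand_zone):
    """Report whether the From domain and all link hosts sit under brand_zone."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    hosts = sorted({urlsplit(u).hostname or "" for u in URL_RE.findall(msg.get_payload())})
    return {
        "sender_ok": in_zone(sender_host, brand_zone),
        "off_brand_links": [h for h in hosts if not in_zone(h, brand_zone)],
    }

# Constructed sample: ESP reached through a delegated subdomain of the brand.
DELEGATED = (
    "From: Orbitz <orbitz@my.orbitz.com>\n"
    "Subject: constructed sample\n"
    "\n"
    "See your deals at http://my.orbitz.com/whatever today.\n"
)

# Constructed sample: links point at the ESP's own domain (address and path assumed).
OUTSOURCED = (
    "From: Amtrak <offers@amtrak.com>\n"
    "Subject: constructed sample\n"
    "\n"
    "Book now at http://amtrak.bfi0.com/constructed-path\n"
)

if __name__ == "__main__":
    print(audit_message(DELEGATED, "orbitz.com"))
    print(audit_message(OUTSOURCED, "amtrak.com"))
```

The suffix test is anchored on a label boundary, so a host such as notorbitz.com does not pass as part of orbitz.com.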

---------------------------------------------------------------------
The Cryptography Mailing List