[Owasp-Malaysia] Email Scam In Malay

Hasanuddin Abu Bakar hasanuddin at sigmarectrix.com
Fri Oct 8 03:19:25 EDT 2010


DNSSEC will come in handy. Stand by, Mister Amir Haris.


On Fri, Oct 8, 2010 at 3:17 PM, Ang Chin Han <ang.chin.han at gmail.com> wrote:

> On Fri, Oct 8, 2010 at 2:48 PM, Harisfazillah Jamel
> <linuxmalaysia at gmail.com> wrote:
> > Anyone any idea if the email address has also been spoofed? Can any
> > tools do this? From the header, I did find it valid.
> >
> > 98.138.83.126 -> Address for Yahoo. Yes, it's to my Yahoo account.
> >
> > 65.55.90.146 -> Coming from Microsoft Network
> >
> > http://www.ip-adress.com/ip_tracer/65.55.90.146
> >
> > This email may originate from an email client at IP 120.140.22.218 -> SMTP
> > sent through the MSN network.
> >
> > Any comment?
>
> :(
>
> Email admins should have known about Sender Policy Framework:
> http://en.wikipedia.org/wiki/Sender_Policy_Framework
> yahoo.com doesn't use it, though.
>
> Say, foo at hotmail.com
>
> $ dig txt hotmail.com
>
> hotmail.com.            3600    IN      TXT     "v=spf1 include:spf-a.hotmail.com include:spf-b.hotmail.com include:spf-c.hotmail.com include:spf-d.hotmail.com ~all"
>
> $ dig spf-a.hotmail.com spf-b.hotmail.com spf-c.hotmail.com | grep spf1
>
> spf-a.hotmail.com.      3544    IN      TXT     "v=spf1 ip4:209.240.192.0/19 ip4:65.52.0.0/14 ip4:131.107.0.0/16 ip4:157.54.0.0/15 ip4:157.56.0.0/14 ip4:157.60.0.0/16 ip4:167.220.0.0/16 ip4:204.79.135.0/24 ip4:204.79.188.0/24 ip4:204.79.252.0/24 ip4:207.46.0.0/16 ip4:199.2.137.0/24 ~all"
> spf-b.hotmail.com.      3565    IN      TXT     "v=spf1 ip4:199.103.90.0/23 ip4:204.182.144.0/24 ip4:204.255.244.0/23 ip4:206.138.168.0/21 ip4:64.4.0.0/18 ip4:65.54.128.0/17 ip4:207.68.128.0/18 ip4:207.68.192.0/20 ip4:207.82.250.0/23 ip4:207.82.252.0/23 ip4:209.1.112.0/23 ~all"
> spf-c.hotmail.com.      3593    IN      TXT     "v=spf1 ip4:209.185.128.0/23 ip4:209.185.130.0/23 ip4:209.185.240.0/22 ip4:216.32.180.0/22 ip4:216.32.240.0/22 ip4:216.33.148.0/22 ip4:216.33.151.0/24 ip4:216.33.236.0/22 ip4:216.33.240.0/22 ip4:216.200.206.0/24 ip4:204.95.96.0/20 ~all"
>
> And those should be the IP block ranges where foo at hotmail.com should
> be coming in from.
>
> Caveat lector: it's the first time I'm actually looking these up.



-- 
Hasanuddin Abu Bakar
GSEC #28858
IT Security Engineer
+6017 913 1983

Sigma Rectrix Systems (M) Sdn Bhd
No.15 & 15-1, Jalan Equine 9A,
Equine Park, Bandar Putra Permai
43300 Seri Kembangan Selangor
URL             : www.sigmarectrix.com

Phone        : 03-89486696
Fax              : 03-89487796
Helpdesk  : 03-89486596