Confirming the veracity of Email

I've been getting a fair amount of "spam" that purports to come from
eBay asking me to confirm my account details, bank accounts, credit
cards etc, etc. Now this is obviously a scam and I just delete and
ignore it. But it does raise the question in my mind as to how you
can tell if an email does come from who it says it does.
What I'm asking is, how do you authenticate a questionable email?
--

Peter James
Change AT to @ to reply

Peter James

"Peter James" <> wrote in message
news:...
> I've been getting a fair amount of "spam" that purports to come from
> eBay asking me to confirm my account details, bank accounts, credit
> cards etc, etc. Now this is obviously a scam and I just delete and
> ignore it. But it does raise the question in my mind as to how you
> can tell if an email does come from who it says it does.
> What I'm asking is, how do you authenticate a questionable email?
> --
>
> Peter James
> Change AT to @ to reply

a. Have a unique trust realtionship with the sender
b. Have and use common security tools for emails sent between you both which
provide Authentication, Authorisation and Accountability
c. maintain a reasonably good security environment, and hope the other
entity does as well.

Lyal

lyal

"Peter James" <> wrote in message
news:...
> I've been getting a fair amount of "spam" that purports to come from
> eBay asking me to confirm my account details, bank accounts, credit
> cards etc, etc. Now this is obviously a scam and I just delete and
> ignore it. But it does raise the question in my mind as to how you
> can tell if an email does come from who it says it does.
> What I'm asking is, how do you authenticate a questionable email?
> --
>
> Peter James
> Change AT to @ to reply

Personally, I wouldnt authenticate a questionable email.
If its questionable, it goes, if its important and not fake, they will
get in contact via other means.

--
Mimic

ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== ( www.hidemyemail.net )
"Without knowledge you have fear. With fear you create your own nightmares."
"Alzheimer's, cheaper than rohypnol"
"There are 10 types of people in the world. Those that understand Binary,
and those that dont."
"He who controls Google, controls the world".

Mimic

I believe most of these high profile sites state they will never ask
you that type of information in an email, in the same way that M$ will
not send out security updates as email attachments.

Itz Just Me

I realize you know that...but what I mean is it should be apparent
such scams are evident and prey on the ignorance of people.

Itz Just Me

Look at the headers and see where it really came from. Headers can be
spoofed but often the path would show some foreign IP that should not be
there. Then verify that the URL is correctly formed (there is an IE patch to
help).

--

************************************************

g-w


"Peter James" <> wrote in message
news:...
> I've been getting a fair amount of "spam" that purports to come from
> eBay asking me to confirm my account details, bank accounts, credit
> cards etc, etc. Now this is obviously a scam and I just delete and
> ignore it. But it does raise the question in my mind as to how you
> can tell if an email does come from who it says it does.
> What I'm asking is, how do you authenticate a questionable email?
> --
>
> Peter James
> Change AT to @ to reply

kulm_nd

In article <XXH%b.6232$ >,
kulm_nd <g-> wrote:
>Look at the headers and see where it really came from. Headers can be
>spoofed but often the path would show some foreign IP that should not be
>there. Then verify that the URL is correctly formed (there is an IE patch to
>help).
>
>--
>
>*********************************************** *
>
>g-w
>
>
>"Peter James" <> wrote in message
>news:...
>> I've been getting a fair amount of "spam" that purports to come from
>> eBay asking me to confirm my account details, bank accounts, credit
>> cards etc, etc. Now this is obviously a scam and I just delete and
>> ignore it. But it does raise the question in my mind as to how you
>> can tell if an email does come from who it says it does.
>> What I'm asking is, how do you authenticate a questionable email?
>> --
>>
>> Peter James
>> Change AT to @ to reply
>
>

Ebay and PayPal have a "spoof@xxx" to check out possible
phishmail. Forward questionable mails to them if there's
any doubt. Dont click anything in the mail. Like prior posters have
already said, they probably _are_ bogus. I've been getting
lots of "auction won" crap but I haven't been bidding lately...



Claude

claudel

"Peter James" <> wrote in message
news:...
> how you can tell if an email does come from who it says it does.
> What I'm asking is, how do you authenticate a questionable email?
> --
>
> Peter James
> Change AT to @ to reply

For personal mail, if you want to determine there's someone at the other end
or that they know they sent you the "filename.vbs" attachment, a simple
reply with a question should do. If they reply or not, you'll be able to
judge the first mail.

For commercial mail the sending IP should have some correlation (whois) to
the From address. For example, I got an ad from "Portland Sales sales @
portland.co.uk" about "we are also offering free webhosting". A
SamSpade.org check of the sending IP gives me:

netname: CSIUK
descr: UK Internet Provider

The IP of the sending machine is in the same group as what portland.co.uk
renders.
It's reasonable to assume an internet provider would be sending offers on
webhosting, therefore I would trust the mail, theoretically. In practice, I
trash all commercial mail other than those which I have requested. If I
questioned the mail legitimacy, I would also put in a google search what I
considered to be a key phrase from the subject and or body. That could get
information on scams. Personal information is never given out due to, or
derived from, an incoming mail request.

That said. There's no 100% guaranteed way.
--
~~~~~~~~~~~~~~~~~
Dave McAuliffe
Central Mass. USA
To E-mail -
Replace: mailinator.com
With: email.com
~~~~~~~~~~~~~~~~~

D McAuliffe