[sf-lug] phishy phishy phish

Michael Paoli Michael.Paoli at cal.berkeley.edu
Thu Jul 30 00:27:21 PDT 2020


> From: "Rick Moen" <rick at linuxmafia.com>
> Subject: Re: [sf-lug] phishy phishy phish Re:  Fwd: SF-LUG.COM [PHISH]
> Date: Wed, 29 Jul 2020 19:09:10 -0700

> Quoting Michael Paoli (michael.paoli at cal.berkeley.edu):
>
> Bobbie's posting had so much phishing spam drivel in it that my
> personal spam-filtering threw away my subscriber copy.  But I can see it
> in the Mailman archives.  Bobbie said:

Yep, mine too ...
or at least was "filtered" and tagged, and didn't go to the
"inbox" or land there without being clearly tagged as highly
probable spam/phish.

Anyway, speaking of which ... also very annoying when (purportedly)
legitimate senders do things that make their emailings look much less
legitimate / more suspect.  Annoyance of the day (well, past 24 hours).
A major financial institution.  American, based in USA, even has
"america" as part of its name.  I'm in the US, they're in the US,
my ISP is in and is based in the US, most any communication between
me via my ISP from home to/from something else in the US, generally
ought not be going via other random country(/ies) on the planet.

So ... I get purportedly legitimate email from said USA based
financial institution to me, in USA, via ISP, in and based in USA.
And ... from whence does that email hop from the financial
institution's sending MTA (or their authorized provider) come?
It goes from their MTA - from an IP address NOT in the USA,
to MTA for / on behalf of me - in the USA.  Uh huh.
So yes, sure, I'm immediately suspicious of it.
Sure, it looks legit ... maybe/probably actually is.

But geez, if you're a friggin' USA based major financial institution
with "america" as part of your name, sending to a customer in
the USA, why the hell are you doing this via IP address(es)
not in the USA?  I mean it's not like me and financial institution
are in some itty bitty teensy country and most anything to get anywhere
between two points in that country on The Internet would typically
go via something outside of that teensy country.  We're talkin'
pretty large geographically, population, and Internet infrastructure
here in the USA.
So why, oh why, is said financial institution routing this via
some other country?  And do I really want/prefer to be dealing with
financial institutions that are routing some of my data - even if
it may not be all that sensitive - via countries outside of
the USA?  So of course, then, too, NSA will slurp up all that data
too (in case they didn't already have it).  Yeah, ... if you're a
financial institution, DON'T DO THAT!

Not to mention the stupid stuff such institutions also commonly do,
encouraging folks to click on links included in email ... sheesh (yes
of course, they did that too ... in the same email ... oh, and of
course those links also have their click tracking on 'em ...
no thanks - I don't want to be encouraging more crud emails
like that).



