04-23-2004, 07:39 PM
sixto
sbc dsl offer or spoof?

I got a message from SBC offering to renew my contract for another year at a reduced rate. It looks legit except that the renewal form asks for seemingly legitimate identifying info but isn't on a secure website, and the message came with the following header:

X-YahooFilteredBulk: 200.213.42.3

Return-Path:

Received: from 200.213.42.3 (EHLO vmk.prodigy.net) (200.213.42.3) by mta825.mail.sc5.yahoo.com with SMTP; Thu, 01 Apr 2004 08:26:33 -0800

X-Originating-IP: [207.115.63.76]

Received: from agent1-int.prodigy.net (agent1-ext.prodigy.net [207.115.63.76]) by vmk.prodigy.net (8.12.10/8.12.10) with ESMTP id i31G9cSK218978; Thu, 1 Apr 2004 11:12:36 -0500

Received: from smtp.com (bulkmail-int.prodigy.net [207.115.4.187]) by agent1-int.prodigy.net (8.8.5/8.8.5) with SMTP id LAA46148; Thu, 1 Apr 2004 11:09:30 -0500

Message-Id: <200404011609.LAA46148@agent1-int.prodigy.net>

Date: Thu, 01 Apr 2004 11:06:22 -0500

From: "SBC DSL Member Services"

Subject: Important Information About Your DSL Service

To: "SBC DSL Members"

Precedence: list

Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C126FC.0B7F7100"

Mime-Version: 1.0

X-Bulkmail: 2.05

Content-Length: 2748

... with prodigy.net all over it. Why would an SBC message be broadcast through Prodigy? Is that how email is handled or is there some funny business going on?

The link to the form in the message has this URL -

<http://myclicks.prodigy.net/track.html?page=14946&module=2146&link=27390&cat=304&provider=5836&url=http://sbc.com/dsloffer2>

When I click on the link the URL box quickly changes to -

http://www02.sbc.com/DSL/Offer2

... as the page paints on the screen.

The more I think about it the more phishy it seems.

Thanks,
Sixto
95 S420
87 300SDL
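
An added example, not part of sixto's post: a Python sketch that runs two consistency checks on the Received lines and the tracking link quoted above. It assumes only the top Received line, written by the recipient's own mail server, can be trusted (older lines are supplied by the sending side), treats the /16 comparison as a heuristic rather than a verdict, and uses illustrative function names.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit, parse_qs

# Received lines and link copied from the post above (newest hop first).
RAW = """Received: from 200.213.42.3 (EHLO vmk.prodigy.net) (200.213.42.3) by mta825.mail.sc5.yahoo.com with SMTP; Thu, 01 Apr 2004 08:26:33 -0800
Received: from agent1-int.prodigy.net (agent1-ext.prodigy.net [207.115.63.76]) by vmk.prodigy.net (8.12.10/8.12.10) with ESMTP id i31G9cSK218978; Thu, 1 Apr 2004 11:12:36 -0500
Received: from smtp.com (bulkmail-int.prodigy.net [207.115.4.187]) by agent1-int.prodigy.net (8.8.5/8.8.5) with SMTP id LAA46148; Thu, 1 Apr 2004 11:09:30 -0500
"""
LINK = ("http://myclicks.prodigy.net/track.html?page=14946&module=2146"
        "&link=27390&cat=304&provider=5836&url=http://sbc.com/dsloffer2")

HOP = re.compile(r"from (\S+) (.*?) by (\S+)", re.S)
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_hops(raw):
    """Return Received hops newest-first: peer text, peer IP, recording host."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            peer = m.group(1) + " " + m.group(2)
            ips = IPV4.findall(peer)
            hops.append({"peer": peer, "ip": ips[-1] if ips else None, "by": m.group(3)})
    return hops

def net16(ip):
    return ".".join(ip.split(".")[:2])

def review(raw, link):
    """Return a list of human-readable inconsistencies (empty if none found)."""
    hops, findings = parse_hops(raw), []
    boundary = hops[0]  # recorded by the recipient's MTA, not by the sender
    inner = {net16(h["ip"]) for h in hops[1:] if h["ip"]}
    if boundary["ip"] and inner and net16(boundary["ip"]) not in inner:
        findings.append(f"boundary peer {boundary['ip']} is outside earlier hops' /16s {sorted(inner)}")
    # Each older hop's recording host should be the peer named by the next hop.
    # A match on an EHLO name alone is self-declared, so it is weak evidence.
    for newer, older in zip(hops, hops[1:]):
        if older["by"] not in newer["peer"]:
            findings.append(f"chain break: {older['by']} not named by the next hop")
    target = parse_qs(urlsplit(link).query).get("url", [""])[0]
    shown, final = urlsplit(link).hostname, urlsplit(target).hostname
    if final and final != shown:
        findings.append(f"link host {shown} forwards to {final}")
    return findings

if __name__ == "__main__":
    for line in review(RAW, LINK):
        print("-", line)
```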