Hello again, On May 19, 2017 Anne-Sophie Marsh wrote:
Call it "reject", "bounce" or "delivery error" - the bottom line is that legitimate mail from our client (including financial communications from account holders) is not being delivered ...
No, the bottom line is that you need to get a grip of your subject. For example you have changed the subject of this thread from Mail from Paypal wrongly identified as phishing by ClamAv to Re: clamav-users Digest, Vol 150, Issue 18 to Re: clamav-users Digest, Vol 150, Issue 19 so we don't know what we're supposed to be reading in what order, and although my reply to you was very much to the point you explained how it had nothing to do with your problem. You persist in banging on about ClamAV when very clearly the problem is at Epsilon: On Thu, 1 Jun 2017 Kris Deugau wrote:
... Use a subdomain (eg "communication.paypal.com", or "espname.paypal.com"), which is clearly delegated from the organization potentially being spoofed, rather than Yet Another Similar But Not Obviously Associated Domain In short, stop doing the same things that the scammers do, and do things that the scammers can't.
+1 More than 90 percent of all email traffic is from criminals. About the same percentage of my life is consumed by defending my business from criminals. Messages which claim to be from PayPal figure large in that. Paypal could help quite a bit by changing the way they do things, but as Mr. Esler didn't exactly say to you, Ann-Sophie, you seem to think that the answer to your problems is that everyone else changes what they do to suit you. Well if this Internet idea is going to work it has to be co-operative, and one of the things you need to do to be able to co-operate is to find out how things are done before you jump in with both feet and ... splash. That's as true of content in mail that you send on your Client's behalf as it is of Mailing List etiquette. Perhaps spend a bit more time dealing with what the rest of us have had to put up with day in, day out, for (well at least in my case) decades. When you've dealt with criminals for long enough you'll be much better placed to see how NOT to make everybody else's job that little bit harder.
... the domain registrars clearly can't be trusted to prevent *these* from being registered by world+dog, and a disturbing number don't shut down the real spoofs very quickly either).
Worse than that, they point-blank refuse to shut them down - even when handed incontrovertible evidence of fraud taking place right now. To protect the innocent, I need to give ICANN a plug here; last week they refused to take down "btconnect.info" which is registered by criminals in China who have been trying to send my firm forged telephone bills for several months. Obviously we reject everything from China [*] but it still clogs up the server logs with garbage. [*] The more experienced of you reading will know this isn't precisely what I mean. But for the benefit of those criminals who might also be reading, I don't want to publish any details. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
