> I host scvrs.org on one of my servers, and, it does not have any outlook or > owa > services. For some reason, someone decided to try and send this message > out to various internet recipients: ... > Anyone seen this before? Any good techniques for combatting it?
If you look more closely at the messages I believe you'll find that they are multipart/alternative, and that the second part gives a slightly modified version of the owa URL. For instance, for my own nethelp.no domain the first part of message says http://nethelp.no/owa/... but the second part specifies URLs like http://nethelp.no.ujjikx.co.im/owa/... http://nethelp.no.ujjiks.net.im/owa/... http://nethelp.no.ikuu8w.com/owa/... http://nethelp.no.ikuu8e.net/owa/... This is a very old trick, seen lots of times in connection with phishing sites, for instance. Steinar Haug, Nethelp consulting, sth...@nethelp.no
