Hello Jeremy,
On Sunday, May 9, 2004 at 5:53:14 PM you wrote (at least in part):
>> this is one of those times I wish ezmlm{,-idx} put the original envelope
>> sender in the headers of the email somehwere.
> So anywho, I looked in the archive/ directory for this message, found it, and
> it appears [EMAIL PROTECTED] somehow got added to the list.
Might be, but who sent this particular message? The %XX-encoded URL is
in plain text form:
https://211.28.155.210/.verification/hide/index2.htm
This isn't PayPal, this is somebody else who tries to fake users. When
this URL is opened a popup opens and a faked PayPal Login form
appears. Additionally this page then presents a "looks like an address
bar" item, that displays a paypal.com address, so IE-users might think
they're in the correct location.
Non-IE users are nearly immediately redirected to the real PayPal
site, I guess whoever intends to get user logins this way does rely on
some glitches of IE that make it hard to recognize one is on the wrong
page and he/she does not want somebody else being able to figure
easily this mail was a big fake.
For all interested: popup opened by above mentioned URL is this page:
https://211.28.155.210/.verification/hide/sysdll.php
Open with deactivated JavaScript to fully "enjoy" it without being
sent somewhere else :-)
--
Best regards
Peter Palmreuther
Nothing is impossible for anyone impervious to reason.
