9 thoughts on “Warning: Jade Tiger Pet a Scam”

  1. Wow, that is a very clever spam email. No doubt it will take you to some site with an obscure URL but styled like the official Blizzard site, asking you to log in so they can capture your log in details.

    I’m surprised they managed to send using “email.blizzard.com”. I would’ve thought Blizzard would’ve had that locked down tight.
    .-= We Fly Spitfires´s last blog ..The RMT Industry – What I’ve Learnt =-.

    Reply
  2. There is nothing in the SMTP (mail transport) RFC preventing incorrect from addresses being used. Nor anything in the transport chain that demands the sender actually have the rights to send mail from that address. Some systems are trying to put such things in place – but that’s a much larger issue and this comment is not really the best place to talk about how mail servers work, and what sort of options are around to deal with this sort of thing

    Matticus isn’t sharing full email headers, so we can’t see the chain of the mail, which likely doesn’t pass through any valid/typical blizzard servers, and if Blizzard declares SPF records it would certainly fail an SPF test. A test and check that is totally optional.

    The last one of these kinds of mails I got were also not to my Battlenet email address and I believe they’d farmed it out of a comment or post on a wow forum or perhaps from epicadvice.

    Reply
  3. On the splash screen when logging into WOW last night the tip I read was that Blizzard will only send emails from blizzard.com and battle.net. This tip seems fairly useless if the hacking of the from address is ‘trivial’

    Reply

Leave a Comment