Wow this is some serious work behind making this like the real thing.
Very nasty and tricky. This is a new approach for sure, evil bastards!
.-= Angry Gamer´s last blog ..Do guild applications still work? =-.
Haven’t gotten the email yet myself.
Personally, I don’t believe any WoW-related emails unless I see Blizzard themselves advertising it on the launch screen.
.-= Psynister´s last blog ..Alt’ernate Universe =-.
Wow, that is a very clever spam email. No doubt it will take you to some site with an obscure URL but styled like the official Blizzard site, asking you to log in so they can capture your login details.
I’m surprised they managed to send using “email.blizzard.com”. I would’ve thought Blizzard would’ve had that locked down tight.
.-= We Fly Spitfires´s last blog ..The RMT Industry – What I’ve Learnt =-.
“from” addresses are trivially faked in email.
There is nothing in the SMTP (mail transport) RFC preventing incorrect from addresses being used. Nor anything in the transport chain that demands the sender actually have the rights to send mail from that address. Some systems are trying to put such things in place – but that’s a much larger issue and this comment is not really the best place to talk about how mail servers work, and what sort of options are around to deal with this sort of thing.
Matticus isn’t sharing full email headers, so we can’t see the chain of the mail, which likely doesn’t pass through any valid/typical Blizzard servers, and if Blizzard declares SPF records it would certainly fail an SPF test. A test and check that is totally optional.
The last one of these kinds of mails I got was also not to my Battlenet email address and I believe they’d farmed it out of a comment or post on a WoW forum or perhaps from epicadvice.
I get spam e-mail to my blog’s e-mail address, however my battle.net e-mail is NOT the same as the one I post on my blog.
.-= Lissanna´s last blog ..Save the turkeykin! =-.
On the splash screen when logging into WOW last night the tip I read was that Blizzard will only send emails from blizzard.com and battle.net. This tip seems fairly useless if the hacking of the from address is ‘trivial’.
E-mail header has never been a reliable security mechanism. And with commercial interest from big names like Microsoft and other legal obstruction (like the US munitions export regulations) standing in the way, there’s still a long way to go before email security comes to the average user.
.-= Maaya´s last blog ..Leveling Druid’s Guide to Healing Utgarde Keep =-.