Skip to Content
12-14-2010 @ 7:35PM
Yeah I always hit, "Show Original" on GMail and look for this little authentication nugget: Authentication-Results: mx.google.com; spf=pass (google.com: domain of email@example.com designates 126.96.36.199 as permitted
12-14-2010 @ 7:42PM
I see that mark in the mail I received - which looks legit and contains no links to anything but the official resources - but what I don't know is if you mean to indicate that this string means the mail is legit or phishing.
12-14-2010 @ 7:49PM
The fact that phishing emails make it through the gmail filter at all indicates that it's probably not foolproof. That said, regardless of whether the email you received is real or fake, following the advice in the post will help keep you safe.
12-14-2010 @ 8:02PM
DNS can't go wrong. If it says the domain resolves to an IP that is permitted it's from Google. Anyone can change the "Sender" field on an e-mail, even Outlook lets you do. You can't beat a domain verification though. I had a failed phishing attempt I was going to show the authentication results in the header from it but apparently deleted them earlier. Obviously follow the stuff listed above but as yet another checkpoint the header information in a e-mail doesn't lie. You'll see something bogus like firstname.lastname@example.org where it showed email@example.com on my example.
12-14-2010 @ 8:30PM
So... DNS can't go wrong?Its an external resource thats outside of your control, nothing can ever go wrong there. Ever. Perfectly safe.
12-14-2010 @ 8:57PM
@wowyes. If the DNS records were compromised, you'd get far worse problems than fake emails. the DNS records is what makes http://battle.net lead to Blizzard. If those were compromised, you wouldn't get to Blizzard, you'd get to wherever the hacker wanted you to go. It would basically be equivalent to hacking the whole web.Now, what sean.aikins showed wasn't the DNS, it was spf. That's a related system where companies (or other sites) can register to increase their email authentication security. As long as those records show a "passed" instead of "failed" or "neither pass nor fail", it should be ok. But only as long as Blizzard uses that layer of security.
12-14-2010 @ 9:06PM
@Hanak I know. My response was meant to be a very sarcastic response to the statement that "DNS can't go wrong". The moment you put implicit trust in an external resource you might as well give up the security game then and there.
First time? A confirmation email will be sent to you after submitting.
Members enter your username and password.
Enter your AOL or AIM screenname and password.
Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.
When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.
To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.