On Sunday, July 31, 2005, 10:39:14 AM, Greg Allen wrote:
People who do phishing are going to change their IP address (IP where the actual target/sucker is sent) frequently. They are also probably going to use random and ever changing computer IPs outside the US for obvious legal reasons. Maybe zombies even, who knows.
Yes, they're probably using some zombies. Many phishes also use fake domain names (like updatepaypals .com). We list both domain names and IPs in the SURBL phishing list.
Any domain names in a phishing email code are most likely going to be legit domain names such as, ebay.com, bankofamerica,com, southtrustbank.com etc.. These are the domains visible to the target/sucker.
Yes, and we're whitelisting those legitimate sites, so they're non-issues as far as false positives in SURBLs.
Jeff C.