stumpy1
asked on
Very dodgy looking email I received (Supposably from MS!!)
I received this email, the from address was "Microsoft [aspnetw3@email.microsoft.
I have intentionally put spaces inside the actual linkes that the hyperlinked text pointed to so that some other user cant mistakenly come along and click on them. Does anyone know what or who ownes the site "http://r. email. microsoft. com/" or have you received something similar. There was also an embedded image in the HTML mail which pointed to <img width="1" height="1" src="http:// open . delivery . net /o?1.2.Gb.BJ.11G9*K.Buh4PE
The addresses in the text are legitimate MS addresses but what they actually link to appears to be some of the dodgyiest addresses ive seen.
Here is the text of the mail!!!
==========================
Dear ASP.NET Customer,
This alert is to advise you of the availability of a web page that
discusses an investigation Microsoft is currently conducting into
public reports of a security vulnerability in ASP.NET. A malicious
user could provide a specially-formed URL that could result in the
unintended serving of secured content.
This alert is also to advise you of the availability of a new
Microsoft Knowledge Base article: 887459. This article contains
prescriptive guidance with steps customers can implement on their
ASP.NET applications to help protect against a wide variety of
malformed URL attacks.
Microsoft is providing this prescriptive guidance in order to inform
customers as quickly as possible about the vulnerability and
information on how to prevent an attack. Microsoft is actively
investigating this issue and plans to release additional guidance
and a security update to remedy the issue as soon as possible.
The Microsoft Knowledge Base article can be viewed here:
http://support.microsoft.com/?kbid=887459
(linked to: http://r. email. microsoft. com/r?1.1.Gb.BJ.11G9*K.Buh
The web page that discusses the current investigation into the
public reports of a vulnerability in ASP.Net can be viewed here:
http://www.microsoft.com/security/incident/aspnet.mspx
(linked to: http://r. email. microsoft. com/r?1.1.Gb.BJ.11G9*K.Buh
If you have any questions, please see the discussion in the ASP.NET
Security Forums at:
http://www.asp.net/Forums/ShowForum.aspx?tabindex=1&ForumID=25
(linked to: http://r. email. microsoft. com/r?1.1.Gb.BJ.11G9*K.Buh
Thank you,
The Microsoft ASP.NET Team
© 2004 Microsoft Corporation. All rights reserved. Microsoft is a
registered trademark of Microsoft Corporation in the United States
and/or other countries.
Protect Your PC: 3 steps to help ensure your PC is protected
Microsoft wants to help ensure your PC is protected from viruses and
worms like Mydoom and Blaster, as well as from future threats.
Please go to www.microsoft.com/protect (linked to: http://r. email. microsoft. com/r?1.1.Gb.BJ.11G9*K.Buh
1. Use an Internet Firewall
2. Update Your Computer
3. Use Up-to-Date Antivirus Software
To get more information and resources about how to help protect your
PC, go to www.microsoft.com/protect (linked to: http://r. email. microsoft. com/r?1.1.Gb.BJ.11G9*K.Buh
Review our Privacy Statement (linked to: http://r. email. microsoft. com/r?1.1.Gb.BJ.11G9*K.Buh
If you prefer not to receive future promotional e-mails of this type
from Microsoft, please click here (linked to: http://p. email. microsoft. com/m/u/mst/emd/m.asp?e='m
update your preferences; however, you may still receive previously
initiated promotional communications from Microsoft.
This e-mail is intended for distribution within the United States.
Please contact your local Microsoft® Subsidiary for similar
offerings outside the U.S.
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
(embedded 1x1 image here)
==========================
I have intentionally put spaces inside the actual linkes that the hyperlinked text pointed to so that some other user cant mistakenly come along and click on them. Does anyone know what or who ownes the site "http://r. email. microsoft. com/" or have you received something similar. There was also an embedded image in the HTML mail which pointed to <img width="1" height="1" src="http:// open . delivery . net /o?1.2.Gb.BJ.11G9*K.Buh4PE
The addresses in the text are legitimate MS addresses but what they actually link to appears to be some of the dodgyiest addresses ive seen.
Here is the text of the mail!!!
==========================
Dear ASP.NET Customer,
This alert is to advise you of the availability of a web page that
discusses an investigation Microsoft is currently conducting into
public reports of a security vulnerability in ASP.NET. A malicious
user could provide a specially-formed URL that could result in the
unintended serving of secured content.
This alert is also to advise you of the availability of a new
Microsoft Knowledge Base article: 887459. This article contains
prescriptive guidance with steps customers can implement on their
ASP.NET applications to help protect against a wide variety of
malformed URL attacks.
Microsoft is providing this prescriptive guidance in order to inform
customers as quickly as possible about the vulnerability and
information on how to prevent an attack. Microsoft is actively
investigating this issue and plans to release additional guidance
and a security update to remedy the issue as soon as possible.
The Microsoft Knowledge Base article can be viewed here:
http://support.microsoft.com/?kbid=887459
(linked to: http://r. email. microsoft. com/r?1.1.Gb.BJ.11G9*K.Buh
The web page that discusses the current investigation into the
public reports of a vulnerability in ASP.Net can be viewed here:
http://www.microsoft.com/security/incident/aspnet.mspx
(linked to: http://r. email. microsoft. com/r?1.1.Gb.BJ.11G9*K.Buh
If you have any questions, please see the discussion in the ASP.NET
Security Forums at:
http://www.asp.net/Forums/ShowForum.aspx?tabindex=1&ForumID=25
(linked to: http://r. email. microsoft. com/r?1.1.Gb.BJ.11G9*K.Buh
Thank you,
The Microsoft ASP.NET Team
© 2004 Microsoft Corporation. All rights reserved. Microsoft is a
registered trademark of Microsoft Corporation in the United States
and/or other countries.
Protect Your PC: 3 steps to help ensure your PC is protected
Microsoft wants to help ensure your PC is protected from viruses and
worms like Mydoom and Blaster, as well as from future threats.
Please go to www.microsoft.com/protect (linked to: http://r. email. microsoft. com/r?1.1.Gb.BJ.11G9*K.Buh
1. Use an Internet Firewall
2. Update Your Computer
3. Use Up-to-Date Antivirus Software
To get more information and resources about how to help protect your
PC, go to www.microsoft.com/protect (linked to: http://r. email. microsoft. com/r?1.1.Gb.BJ.11G9*K.Buh
Review our Privacy Statement (linked to: http://r. email. microsoft. com/r?1.1.Gb.BJ.11G9*K.Buh
If you prefer not to receive future promotional e-mails of this type
from Microsoft, please click here (linked to: http://p. email. microsoft. com/m/u/mst/emd/m.asp?e='m
update your preferences; however, you may still receive previously
initiated promotional communications from Microsoft.
This e-mail is intended for distribution within the United States.
Please contact your local Microsoft® Subsidiary for similar
offerings outside the U.S.
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
(embedded 1x1 image here)
==========================
stumpy1,
Just for your information, Whois lookup for r.email.microsoft.com:
http://www.whois.sc/microsoft.com
Lookup for open.delivery.net:
http://www.whois.sc/delivery.net (which is an advertizement company)
LucF
Just for your information, Whois lookup for r.email.microsoft.com:
http://www.whois.sc/microsoft.com
Lookup for open.delivery.net:
http://www.whois.sc/delivery.net (which is an advertizement company)
LucF
ASKER
Im subscribed to a few of Microsofts newsletters. The emails are usually just like a normal Microsoft page on their site. Also the links in the emails usually link to http://go.microsoft.com/?linkid='linkid'
I have never seen a link to r.email.microsoft.com before, also the email was very plain as opposed to their usual emails.
Also their emails usually come from some convuluted address @newsletters.microsoft.com
Because of all these reasons I just became extremely suspicious of this email straight away!
I have never seen a link to r.email.microsoft.com before, also the email was very plain as opposed to their usual emails.
Also their emails usually come from some convuluted address @newsletters.microsoft.com
Because of all these reasons I just became extremely suspicious of this email straight away!
ASKER
I also posted this in the Lounge to get a bit more feedback.
https://www.experts-exchange.com/questions/21158180/Very-dodgy-looking-email-I-received-Supposably-from-MS.html
I had my suspicions confirmed there
https://www.experts-exchange.com/questions/21158180/Very-dodgy-looking-email-I-received-Supposably-from-MS.html
I had my suspicions confirmed there
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi LucF, stumpy1,
Such occurances not only happen to microsoft letters... lately i've caught one email which use similar technique to goto another web to collect user data. they pose themselves as ebay tech team...
cheers,
Luis
Such occurances not only happen to microsoft letters... lately i've caught one email which use similar technique to goto another web to collect user data. they pose themselves as ebay tech team...
cheers,
Luis
How to Tell If a Microsoft Security-Related Message Is Genuine
http://www.microsoft.com/security/incident/authenticate_mail.mspx
http://www.microsoft.com/security/incident/authenticate_mail.mspx
The Information Is on Microsoft.com
We never send notices about security updates or incidents until after we publish information about them on our Web site. If you are ever in doubt about the authenticity of a Microsoft security e-mail notification, check the Security site on Microsoft.com to see if the information is listed there.
https://www.microsoft.com/security/default.mspx
We never send notices about security updates or incidents until after we publish information about them on our Web site. If you are ever in doubt about the authenticity of a Microsoft security e-mail notification, check the Security site on Microsoft.com to see if the information is listed there.
https://www.microsoft.com/security/default.mspx
I have never got any mail from microsoft.
ASKER
astaec,
The text for the links in the email are for legitimate issues - incidents, its what they actually link to thats dodgy.
LucF,
Definately something not right there :-)
gemchest,
This type of mail can come from almost any source, this is just one of the most legitimate looking examples of this type of mail ive seen.
The text for the links in the email are for legitimate issues - incidents, its what they actually link to thats dodgy.
LucF,
Definately something not right there :-)
gemchest,
This type of mail can come from almost any source, this is just one of the most legitimate looking examples of this type of mail ive seen.
I see, still looking; found this.
About Email.Microsoft.com
Email.Microsoft.com is a Microsoft-owned domain that is used to deliver marketing e-mail by Digital Impact, a Microsoft vendor. If you prefer not to receive future promotional e-mails of this type from Microsoft, please click here to unsubscribe. We will promptly update your preferences; however, you may still receive previously initiated promotional communications from Microsoft.
You may also forward the e-mail you received to postmaster@email.microsoft
Microsoft is committed to sending you only the e-mail that you want to receive. If you have questions about your privacy, send us a message or write a letter to:
Microsoft.com Privacy
Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052
http://www.microsoft.com/info/di.htm
-----
Corporate link to Email issues/spam/faked IDs, etc.
http://www.microsoft.com/mscorp/execmail/
Microsoft Is Committed to Help End the Spam Epidemic
http://www.microsoft.com/mscorp/twc/privacy/spam.mspx
---
http://www.microsoft.com/presspass/events/antispam/material.asp
Be careful about disclosing your e-mail address
http://www.microsoft.com/athome/security/spam/fightspam.mspx
Set up an e-mail address dedicated solely to Web transactions. Consider using a free mail service to set up an e-mail account for your online transactions. This will help you keep your real e-mail address private.
• Only share your primary e-mail address with people you know. Avoid listing your e-mail address in large Internet directories. Don't even post it on your own Web site.
• Disguise your e-mail address. Use a disguised address whenever you post it to a newsgroup, chat room, or bulletin board. For example, you could give your e-mail address as "s0me0ne@example.c0m" using "0" (zero) instead of "o." A person can interpret your address, but the automated programs that spammers use cannot.
• Watch out for checked boxes. When you buy things online, companies sometimes pre-check boxes to indicate that it's fine to sell or give your e-mail address to responsible parties. Click the check box to clear it if you don't want the company to contact you.
---
Handling unwanted e-mail (spam)
http://www.microsoft.com/athome/security/spam/options.mspx
.... probably all stuff you know, but was updating my links so posting here as well "just in case there's something new here for you".
Asta
About Email.Microsoft.com
Email.Microsoft.com is a Microsoft-owned domain that is used to deliver marketing e-mail by Digital Impact, a Microsoft vendor. If you prefer not to receive future promotional e-mails of this type from Microsoft, please click here to unsubscribe. We will promptly update your preferences; however, you may still receive previously initiated promotional communications from Microsoft.
You may also forward the e-mail you received to postmaster@email.microsoft
Microsoft is committed to sending you only the e-mail that you want to receive. If you have questions about your privacy, send us a message or write a letter to:
Microsoft.com Privacy
Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052
http://www.microsoft.com/info/di.htm
-----
Corporate link to Email issues/spam/faked IDs, etc.
http://www.microsoft.com/mscorp/execmail/
Microsoft Is Committed to Help End the Spam Epidemic
http://www.microsoft.com/mscorp/twc/privacy/spam.mspx
---
http://www.microsoft.com/presspass/events/antispam/material.asp
Be careful about disclosing your e-mail address
http://www.microsoft.com/athome/security/spam/fightspam.mspx
Set up an e-mail address dedicated solely to Web transactions. Consider using a free mail service to set up an e-mail account for your online transactions. This will help you keep your real e-mail address private.
• Only share your primary e-mail address with people you know. Avoid listing your e-mail address in large Internet directories. Don't even post it on your own Web site.
• Disguise your e-mail address. Use a disguised address whenever you post it to a newsgroup, chat room, or bulletin board. For example, you could give your e-mail address as "s0me0ne@example.c0m" using "0" (zero) instead of "o." A person can interpret your address, but the automated programs that spammers use cannot.
• Watch out for checked boxes. When you buy things online, companies sometimes pre-check boxes to indicate that it's fine to sell or give your e-mail address to responsible parties. Click the check box to clear it if you don't want the company to contact you.
---
Handling unwanted e-mail (spam)
http://www.microsoft.com/athome/security/spam/options.mspx
.... probably all stuff you know, but was updating my links so posting here as well "just in case there's something new here for you".
Asta
Spam Litigation Case Fact Sheet - http://www.microsoft.com/presspass/press/2003/jun03/0617spamenforcementfs.asp
Off to work.
Off to work.
ASKER
Email.Microsoft.com looks legitimate, however the worrying thing in the email was that the domain was
http://r.email.microsoft.com/
trust MS to send out mail that looks like a virus email ... ... As with any other dodgy email, I didnt click on any of the links, especially the unsubscribe link (aka. confirm this address exists.)
http://r.email.microsoft.com/
trust MS to send out mail that looks like a virus email ... ... As with any other dodgy email, I didnt click on any of the links, especially the unsubscribe link (aka. confirm this address exists.)
Those are the links always used in MS's e-mails. Nothing dodgy about it although I always found it pretty stupid also. I've never been able to find out why they made their links like this.
Have you subscribed to some newsletter from MS?
Greetings,
LucF