A product website without pricing information is really annoying!

Looking at the website, of a product in which I am interested, that does not show the price is frustrating! It is frankly amazing to me how many product websites from reputable companies do not make it easy to find out how much their widgets cost. When I cannot determine the price on the same page as the product information, I generally assume it is too expensive and move on. I wonder how many potential customers are turned away by hard to find pricing information.

Saying no to PayPal Phishing Attacks

Users on my mail server, well at least the ones with domains subscribed to the filtering service, no longer receive PayPal spoofs unaltered! The trick to catching this vermin is both simple and accurate.

An e-mail is certainly a phishing attack when all three of the following conditions are met:

• The From address claims to be paypal.com
• The Received header, which indicates the address of the computer from which the e-mail was actually received, is not paypal.com
• A paypal.com URL is mentioned in the body of the e-mail

Similar rules can be applied to ebay.com, suntrust.com, and any of the other brands that are spoofed. The code has already been written and these rules are easily implemented with SpamAssassin and available at http://www.rulesemporium.com.

Instead of the offending message being delivered unmarked to users who may be tricked by the scams, the users receive an e-mail stating that the message is suspected spam, giving enumerated reasons. Users can of course still see the original e-mail that is attached to the explanation message.

I wonder why the "Anti-Phishing Working Group" does not provide useful information like this. I suspect the next useful feature would be automatic reporting to [email protected] or similar addresses that may be maintained by organizations who are victims of phishing scams.