Windows Live ID Phishing?

I recently received:
_
Hello MyMacAddressmac.com:

You recently asked to reset your Windows Live ID password by
e-mail. 
Follow the instructions below to reset your password, or to
cancel 
your password reset request.

TO RESET YOUR PASSWORD:

1. Select and copy the following Internet address.

https://accountservices.msn.com/EmailPage.srf?e
mailid=ccdf9d92f71 
[lots more clipped]

2. Open a browser, paste the link in the address bar, then
press 
Enter or Return on your keyboard.

IF YOU DID NOT REQUEST TO RESET YOUR PASSWORD:

1. Select and copy the following Internet address.

https://accountservices.msn.com/EmailPage.srf?e
mailid=ccdf9d92f71 
[lots more clipped]
_

I'm suspicious of this because:

1) I'm a Mac user. To my knowledge, I've never signed up for
a .NET 
or Windows Live ID.

2) I didn't "recently ask to,reset" my password.

2) This was sent to my address at Mac.com.

3) Unlike most actual password reset mechanisms, this one
insists 
that I have to do something even if I do not want to reset
my 
password.

I've now received three of these. The first was on the 14th
and 
headers look like this:

Return-path: <supportpassport.msn.com>
Received: from mac.com ([10.150.68.58])
  by ms183.mac.com (Sun Java System Messaging Server
6.2-8.01 (built Nov 27
  2006)) with ESMTP id <0JUO0001H3BOZH90ms183.mac.com> for 
MyMacAddressmac.com;
  Mon, 14 Jan 2008 20:04:36 -0800 (PST)
Received: from servera01.blusmtp4.msn.com
  (servera01.blusmtp.msn.com [65.55.238.140])
	by mac.com (Xserve/smtpin058/MantshX 4.0) with ESMTP id
m0F44ZgM014752	for
  <MyMacAddressmac.com>; Mon, 14 Jan 2008 20:04:35
-0800 (PST)
Received: from BAYPPBAT2B11 ([65.54.177.244]) by
servera01.blusmtp4.msn.com
  with Microsoft SMTPSVC(6.0.3790.3959); Mon, 14 Jan 2008
23:04:34 -0500
Date: Mon, 14 Jan 2008 20:04:34 -0800
From: Microsoft Customer Support <supportpassport.msn.com>
Subject: Reset your Windows Live ID password
To: MyMacAddressmac.com
Message-id: <200801150404.m0F44ZgM014752mac.com>
MIME-version: 1.0
Content-type: text/plain
Content-transfer-encoding: 8bit
X-Priority: 3
X-Brightmail-Tracker: AAAAAgAAAUAAAAFU
X-Brightmail: Scanned
Original-recipient: rfc822; MyMacAddressmac.com






Is this a phishing expedition?

Did you ever have a Microsoft Messenger account, MSN
messenger account our
in the ancient days, configure a Microsoft Passport account?
 I think
they've all been rolled into Windows Live ID. 



Glenn Meadows
Sheridan Square Entertainment
-----Original Message-----
From: Warren Michelsen [mailto:WarrenMDCCLXXVI.com] 
Sent: Friday, January 18, 2008 8:00 AM
To: surgemail-listnetwinsite.com
Subject: [SurgeMail List] Windows Live ID Phishing?

I recently received:
_
Hello MyMacAddressmac.com:

You recently asked to reset your Windows Live ID password by
e-mail. 
Follow the instructions below to reset your password, or to
cancel your
password reset request.

TO RESET YOUR PASSWORD:

1. Select and copy the following Internet address.

https://accountservices.msn.com/EmailPage.srf?e
mailid=ccdf9d92f71
[lots more clipped]

2. Open a browser, paste the link in the address bar, then
press Enter or
Return on your keyboard.

IF YOU DID NOT REQUEST TO RESET YOUR PASSWORD:

1. Select and copy the following Internet address.

https://accountservices.msn.com/EmailPage.srf?e
mailid=ccdf9d92f71
[lots more clipped]
_

I'm suspicious of this because:

1) I'm a Mac user. To my knowledge, I've never signed up for
a .NET or
Windows Live ID.

2) I didn't "recently ask to,reset" my password.

2) This was sent to my address at Mac.com.

3) Unlike most actual password reset mechanisms, this one
insists that I
have to do something even if I do not want to reset my
password.

I've now received three of these. The first was on the 14th
and headers look
like this:

Return-path: <supportpassport.msn.com>
Received: from mac.com ([10.150.68.58])
  by ms183.mac.com (Sun Java System Messaging Server
6.2-8.01 (built Nov 27
  2006)) with ESMTP id <0JUO0001H3BOZH90ms183.mac.com> for
MyMacAddressmac.com;
  Mon, 14 Jan 2008 20:04:36 -0800 (PST)
Received: from servera01.blusmtp4.msn.com
  (servera01.blusmtp.msn.com [65.55.238.140])
	by mac.com (Xserve/smtpin058/MantshX 4.0) with ESMTP id
m0F44ZgM014752	for
  <MyMacAddressmac.com>; Mon, 14 Jan 2008 20:04:35
-0800 (PST)
Received: from BAYPPBAT2B11 ([65.54.177.244]) by
servera01.blusmtp4.msn.com
  with Microsoft SMTPSVC(6.0.3790.3959); Mon, 14 Jan 2008
23:04:34 -0500
Date: Mon, 14 Jan 2008 20:04:34 -0800
From: Microsoft Customer Support <supportpassport.msn.com>
Subject: Reset your Windows Live ID password
To: MyMacAddressmac.com
Message-id: <200801150404.m0F44ZgM014752mac.com>
MIME-version: 1.0
Content-type: text/plain
Content-transfer-encoding: 8bit
X-Priority: 3
X-Brightmail-Tracker: AAAAAgAAAUAAAAFU
X-Brightmail: Scanned
Original-recipient: rfc822; MyMacAddressmac.com






Is this a phishing expedition?

At 8:23 AM -0600 1/18/08, Glenn Meadows sent email regarding
Re: 
[SurgeMail List] Windows Live ID Phishing?:
>Did you ever have a Microsoft Messenger account, MSN
messenger account our
>in the ancient days, configure a Microsoft Passport
account?

Yes, I have a messenger account, but I certainly did not
request that 
its password be reset.

One possibility, which I dismissed, is that this is a
routine 
we-need-everyone-to-reset-their-passwords request due to
some system 
overhaul. I figured it unlikely because an outfit as big as
MS ought 
to know better than to say I had requested the reset
myself.

At 6:06 PM -0500 1/18/08, <webmaster1usa.com> sent email regarding 
Re: [SurgeMail List] Windows Live ID Phishing?:
>Well, my .02 says it's a Phish... ...
>
>There's probably a hidden url in the email.  Take a look
at the 
>message source and search for "http"

No, there's no disguised URL. The email is plain text and
the URLs 
therein seem to really point to msn.com.

But I've never had a .NET login and had never heard of
Windows Live 
until I got this strange email.

What's most bothersome is that they insist I must do
something even 
if I did NOT request that my password be reset. Were it not
for that, 
I would not have been suspicious.

If you have a Xbox live account, Hotmail account or an msdn
membership
or the like it could cause this.  I suppose a password reset
could be
triggered by someone trying to gain access to the account.

-----Original Message-----
From: Warren Michelsen [mailto:WarrenMDCCLXXVI.com] 
Sent: Friday, January 18, 2008 3:39 PM
To: surgemail-listnetwinsite.com
Subject: Re: [SurgeMail List] Windows Live ID Phishing?

At 6:06 PM -0500 1/18/08, <webmaster1usa.com> sent email regarding 
Re: [SurgeMail List] Windows Live ID Phishing?:
>Well, my .02 says it's a Phish... ...
>
>There's probably a hidden url in the email.  Take a look
at the 
>message source and search for "http"

No, there's no disguised URL. The email is plain text and
the URLs 
therein seem to really point to msn.com.

But I've never had a .NET login and had never heard of
Windows Live 
until I got this strange email.

What's most bothersome is that they insist I must do
something even 
if I did NOT request that my password be reset. Were it not
for that, 
I would not have been suspicious.

At 6:39 PM -0800 1/18/08, Fred Wilson sent email regarding
Re: 
[SurgeMail List] Windows Live ID Phishing?:
>If you have a Xbox live account, Hotmail account or an
msdn membership
>or the like it could cause this.  I suppose a password
reset could be
>triggered by someone trying to gain access to the
account.

That's not uncommon, and why I tend to ignore such things if
I did 
not request a password reset. In this case however, MSN
requires that 
I do something even if I don't want my password reset.
Strangely, I 
cannot log into my MSN messenger account (which uses an
email address 
which is NOT the one to which I received this reset email).
It tells 
me my email address or password is wrong.

In any case, this does not appear to be a phishing email. It
really 
did come from MSN, as far as I can tell, and the URLs in it
go to 
MSN.com.