List Info

Thread: "Verify your key" email -- phishing?
"Verify your key" email -- phishing?
country flaguser name
United States		 2007-02-09 08:20:49 
I've just received email titled "[PGP Global Directory]
Verify Your
Key", which says, "You have previously submitted a
key to the PGP
Global Directory containing the email address bocagearyahoo.com. We
periodically verify each email address to ensure it remains
active and
configured to send and receive PGP signed and encrypted
email."

Is this real, or phishing?



____________________________________________________________
__
Archives:         htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List:          http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:    
mailto:PGP-Basics-OT-subscribe@yahoogroups.com 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://grou
ps.yahoo.com/group/PGP-Basics/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://
groups.yahoo.com/group/PGP-Basics/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:PGP-Basics-digest@yahoogroups.com 
    mailto:PGP-Basics-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    PGP-Basics-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.c
om/info/terms/
Re: "Verify your key" email -- phishing?
country flaguser name
United States		 2007-02-09 09:14:09 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bill Gearhiser wrote:
> I've just received email titled "[PGP Global
Directory] Verify Your
> Key", which says, "You have previously
submitted a key to the PGP
> Global Directory containing the email address
bocagearyahoo.com. We
> periodically verify each email address to ensure it
remains active and
> configured to send and receive PGP signed and encrypted
email."
> 
> Is this real, or phishing?


I think it is real, though hard to tell without seeing it.

I got one recently that was real. They even sign your key
after you
respond. It seems they update their records once per year
and the key
signing must expire in a year also. I bet your key has been
signed by
them for a year already. Did you ever sync your key to that
server? If
not, try it and see if the sig is there.

Tom
Here are the headers i got with the legitimate message:

- From - Sun Jan 28 00:47:44 2007
X-Account-Key: account2
X-UIDL: GmailId1105371a0d9a2d8f
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Delivered-To: tom.furnarigmail.com
Received: by 10.66.238.1 with SMTP id l1cs14375ugh;
        Wed, 24 Jan 2007 01:31:00 -0800 (PST)
Received: by 10.78.149.15 with SMTP id
w15mr278238hud.1169631060001;
        Wed, 24 Jan 2007 01:31:00 -0800 (PST)
Return-Path: <>
Received: from keyserver1.pgp.com ([209.237.226.57])
        by mx.google.com with ESMTP id
38si648180hua.2007.01.24.01.30.58;
        Wed, 24 Jan 2007 01:30:59 -0800 (PST)
Received-SPF: neutral (google.com: 209.237.226.57 is neither
permitted
nor denied by best guess record for domain of
keyserver1.pgp.com)
Received: from keyserver1.pgp.com (localhost.localdomain
[127.0.0.1])
	by keyserver1.pgp.com (PGP Universal) with ESMTP id
75DC435800F
	for <tom.furnarigmail.com>; Wed, 24 Jan 2007 01:30:57
-0800 (PST)
Received: from keyserver1.pgp.com ([127.0.0.1])
  by keyserver1.pgp.com (PGP Universal service);
  Wed, 24 Jan 2007 01:30:57 -0800
X-PGP-Universal: processed;
	by keyserver1.pgp.com on Wed, 24 Jan 2007 01:30:57 -0800
Message-ID: <9209226.1169631057162.JavaMail.rootkeyserver1.pgp.com>
Date: Wed, 24 Jan 2007 01:30:57 -0800 (PST)
From: PGP Global Directory <do-not-replykeyserver1.pgp.com>
To: Thomas Furnari <tom.furnarigmail.com>
Subject: [PGP Global Directory] Verify Your Key
Mime-Version: 1.0
X-PGP-Verify-Token: dNYS6YWVNP5EXS76UKO4KS6ZM24
X-PGP-Email-Purpose: renew
X-PGP-Encoding-Version: 2.0.2
Content-Type: multipart/signed;
	protocol="application/pgp-signature";
	micalg="pgp-sha1";
	boundary="PGP_Universal_747AA89A_84E8372F_AAB601FB_F3C
5C53B"



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


iQIVAwUBRcyPwFYdKyb4Xz7KAQJcvg//Qygx9/Sd2F1xo7xU4JftDTQTAvsN
1Uz/
lJhef1twPrPxC7U5KNp0qE1q7zK6vPwNaDS6y5snsOfEaiSB0eQNqsQsGuD6
zy1y
PF0IM/s/FukYDGOWb9Bk2H6NKZRI2hpIMnw9nw1oYVsVGlwRCTSlVQflPOzO
P8WB
21qWiIGkTGTBN1OQWczHOaK8ZQcDN7lHkGrVdPZKv+3OF71+7ZXYz8futRnY
LFcK
bsAo8cyyXwM2WvdcY+z7gencHpHZeat56UYuEf90jBNtQMKw8nh1Je56nx8L
vg+Z
dguK0viHj0TfsNg8Pntllbleskf9rhELgcJdrSyh5x7Ylz+cUZe+QHAV5WWf
xYIj
46vseyK3fEPtmv9n/+cbyavEZW5YTJCNzq8eSdFVLQwEpML3flCnx0PfIH9k
i2fp
EGY2hQxJDMbCFsx117TzSIHGP3lY0GUzApomlHE3Qx2XrnSdnK9JBFfRAOg7
c1E+
Z7WJIZUHs4Zs8T9pyHHmnwIuDXEG89miGuf2ucMsR5n4WJim+Ee5/jrRMSgx
N9wF
MbjdxJIacQtJaH9LuFak+9+bR0yRVOsjd8AIxlei/TZDynkNZ3L6coArBN2M
BEcz
HT1K8HudenFBXIX/OTZa8TDyp/g1V8C8PukSCNaZ2Np4UO7995IT+L8SAPvy
61Hy
lESZO8RVxPo=
=1klE
-----END PGP SIGNATURE-----


____________________________________________________________
__
Archives:         htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List:          http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:    
mailto:PGP-Basics-OT-subscribe@yahoogroups.com 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://grou
ps.yahoo.com/group/PGP-Basics/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://
groups.yahoo.com/group/PGP-Basics/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:PGP-Basics-digest@yahoogroups.com 
    mailto:PGP-Basics-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    PGP-Basics-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.c
om/info/terms/
Re: "Verify your key" email -- phishing?
country flaguser name
United States		 2007-02-09 09:35:27 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Thomas Furnari wrote:
> Bill Gearhiser wrote:
>> I've just received email titled "[PGP Global
Directory] Verify Your
>> Key", which says, "You have previously
submitted a key to the PGP
>> Global Directory containing the email address
bocagearyahoo.com. We
>> periodically verify each email address to ensure it
remains active and
>> configured to send and receive PGP signed and
encrypted email."
> 
>> Is this real, or phishing?

It is legitimate.  PGP GD will 'ping' every UID email
address shown on
Your Key as listed with them.

JOHN ;)
Timestamp: Friday 09 Feb 2007, 10:35  --500 (Eastern
Standard Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7-svn4425: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho

Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: My Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJFzJS9AAoJEBCGy9eAtCsPZa0IAJZlIbIqXbi25zkupTQ/
6RQi
YFs+tCjbBvt2MshFgr+dhTZ/m2DKkwUCXxGJyOm4tHG+gP7BF30aPF4EOMVb
2++g
V2zSubksuNp2JVH2SQOK8b/3ziHKwSgpWavQWEoXtCdXtuUCdfgskBiH087o
6fyw
sfaGhoUtpbUptpqJi7RvXzWlVAl4MjObBEp1zgKPnDSV9RzK9G0eAhHcOWyh
ZyqA
+IUyachBuUtG7m4F1cTxWxffPgLTus8wE4tCGmCVP1q9ohNDBKjj/h6pj/kS
9XwX
rMMM1msrg8sOzNRGcnCeldTNPWJdsbOQAdvGdu6f+wdJ3d4kelxheY9cEc/K
z4I=
=GwqT
-----END PGP SIGNATURE-----


____________________________________________________________
__
Archives:         htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List:          http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:    
mailto:PGP-Basics-OT-subscribe@yahoogroups.com 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://grou
ps.yahoo.com/group/PGP-Basics/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://
groups.yahoo.com/group/PGP-Basics/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:PGP-Basics-digest@yahoogroups.com 
    mailto:PGP-Basics-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    PGP-Basics-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.c
om/info/terms/
Re: "Verify your key" email -- phishing?
country flaguser name
United States		 2007-02-09 16:56:03 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

In reply to Bill Gearhiser's message sent 2007.02.09 09:20:

> I've just received email titled "[PGP Global
Directory] Verify Your
> Key", which says, "You have previously
submitted a key to the PGP
> Global Directory containing the email address
bocagearyahoo.com. We
> periodically verify each email address to ensure it
remains active and
> configured to send and receive PGP signed and encrypted
email."
>
> Is this real, or phishing?

If the link in the email takes you to the PGP Global
Directory to verify
your authentic public key, then the message is legitimate.
Either you or
someone else has uploaded your public key to the PGP GD. Not
unlike
e164.org's quality of service checks for ENUM, PGP GD will
verify any
destinations presented to it (any email addresses contained
in UID's
with your public key). If you don't answer the challenge
from the GD,
your public key will be dropped from the server. This serves
both to
prevent unauthorized upload of your public key to the GD,
and to enable
the GD to store only keys that contain at least one valid
email address.


- --
List Moderator, PGP Encryption Help Team

Mike Daigle                                   http://www.mikedaigle.ca

My PGP Key                      Send email with
subject=pgpkey-request
Gossamer Spider Web of Trust                      http://www.gswot.org

-----BEGIN PGP SIGNATURE-----
Comment: GSWoT:CA1   Gossamer Spider Web of Trust 
www.gswot.org
Comment: Mike Daigle   Ontario, Canada        
www.mikedaigle.ca

iEYEAREDAAYFAkXM/AQACgkQTvHh4CsVTmJTbACfRtZX5YLqESpOGLk8esIG
GFB+
QCsAnAleneLr82OGXAUS0/7QjTn1H1K+
=dpwd
-----END PGP SIGNATURE-----


____________________________________________________________
__
Archives:         htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List:          http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:    
mailto:PGP-Basics-OT-subscribe@yahoogroups.com 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://grou
ps.yahoo.com/group/PGP-Basics/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://
groups.yahoo.com/group/PGP-Basics/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:PGP-Basics-digest@yahoogroups.com 
    mailto:PGP-Basics-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    PGP-Basics-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.c
om/info/terms/
[1-4]

about | contact  Other archives ( Real Estate discussion Medical topics )