Return-Path no longer reliable to see a phish

#0 - Oct. 3, 2010, 8:42 p.m.

I just got an e-mail (Cataclysm beta test invitation, woo) that got passed my email filters that filter by return path. The Return-Path is the first thing I look at to spot a scam email as it is usually @hotmail or some other site. However, my heart started racing when I got an e-mail that had the Return-Path of [email protected].

However, the second thing I noticed is that there were grammar mistakes. Blizzard Entertainment was not capitalized, nor was Cataclysm. Then I saw a link in the email that was not an official Blizzard website (not that I would have clicked it anyway). The next thing I did was go to the actual site to see if the Cataclysm beta was on my account. It was not.

I'm not sure how they can fake the Return-Path, but it seems they are now able to, so I'd like to warn everybody about this so you're not fooled.

Roraks

#2 - Oct. 3, 2010, 8:51 p.m.

Rosalela is correct, Amlin.

Q u o t e:
The return path is easy to spoof.

To find out if its really a Blizzard e-mail, you would need to look at the e-mail headers.

How do I access email header information? - http://us.blizzard.com/support/article/25133