IIS Server Security >> authentic messages from Microsoft

by Monica » Tue, 14 Oct 2003 00:42:07 GMT

How can I tell if a message delivered to my email is
authentic? Today I have two - one from Program Security
Division and one from XXXX@XXXXX.COM . I have
been deleting messages because I don't know who I can
trust. Monica

IIS Server Security >> authentic messages from Microsoft

by Invotion » Tue, 14 Oct 2003 04:29:52 GMT


Monica,

You are right to delete those messages. Microsoft never
sends updates via email. Anything you get claiming to be
from microsoft with an attachment to run should be
treated as a virus and deleted asap.

Sincerely,
Invotion Engineering Team
Advanced Microsoft Hosting Solutions
http://www.Invotion.com

IIS Server Security >> authentic messages from Microsoft

by Adam » Tue, 14 Oct 2003 08:55:02 GMT

Also, Microsoft digitally signs each of the authentic
messages. Illigitimate e-mail does is not digitally
signed by VeriSign like e-mail from Microsoft is (you can
find out if it's signed by double-clicking the eye icon
in the Status Bar [the bottom of Internet Explorer] and
looking at the certificate). Spammers attach fake
download patches to their e-mails, which Microsoft nerver
does. If you want to know more about spotting a bogus MS
e-mail, look at <a href= http://go.microsoft.com/?
linkid=267316> this link.</a>

IIS Server Security >> authentic messages from Microsoft

by jcochran.nospam » Tue, 14 Oct 2003 20:42:01 GMT

On Mon, 13 Oct 2003 09:42:07 -0700, "Monica" < XXXX@XXXXX.COM >



Give it the logic test. Are you so special that Microsoft would
actually mail you something directly?

All Microsoft security updates are available online.

Refer to:

http://www.microsoft.com/technet/security/community/default.mspx
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/Default.asp

Jeff

IIS Server Security >> authentic messages from Microsoft

by Jerry III » Wed, 15 Oct 2003 15:04:02 GMT

As far as I've seen Microsoft does not generally sign their e-mails. And if
they do they use PGP instead of standards such as S/MIME (so many users seem
to think that Verisign equals security).

And I'm just curious: how exactly do you read e-mail using Internet
Explorer? That eye icon in the status bar means that IE rejected some
cookies the web page you're viewing tried to set, how did you come to the
conclusion that it means if an e-mail message is signed, IE is not even an
e-mail client.

Jerry