OpenDNS and phisihing tests

Comments

3 comments

  • Avatar
    rotblitz

    I do not believe that these phishing test emails are related to OpenDNS at all.  And I do not understand what this would have to do with your stats.  But I'm just user not being finally in the position to answer this.  Your best bet is to open a support ticket, link "Submit a request" above.

    Fact is that OpenDNS blocks access to phishing websites (not to phishing emails), i.e. sites which are you to enter personal confidential information in order to steal them from you.

    0
    Comment actions Permalink
  • Avatar
    salvogreco

    I didnt think it mattered either, but I am getting these IP addresses that have a reverse that points to OpenDNS.

     

    55.54.67.77.in-addr.arpa domain name pointer files.opendns.com.
    52.54.67.77.in-addr.arpa domain name pointer block.opendns.com.
    53.54.67.77.in-addr.arpa domain name pointer guide.opendns.com.
    54.54.67.77.in-addr.arpa domain name pointer phish.opendns.com.

    These are the domains that are opening the phishing test emails as well as clicking on the fake phishing links in the email.

    The stats portion is to count the number of users that are clicking the phishing emails and not have a system click the link, which fouls the stats.

    I have whitelisted the sending IP address in our mail servers and content filters, but I dont have that ability to whitelist it on OpenDNS.

    This is why I am asking, HOW are these IP addresses listed above opening and clicking on my phishing test emails.

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    These four PTR entries are outdated, because the real IP addresses for these OpenDNS subdomains are all different around the globe.

    Else no idea.  We other users cannot know.  As I said, you should open a support ticket.  You normally do not get responses from staff here in the forum, just from other users.

    0
    Comment actions Permalink

Please sign in to leave a comment.