
OpenDNS and phishing tests

salvogreco
Level 1

How does OpenDNS work with phishing tests as done through Wombat/Proofpoint?

Reason for asking is that I am getting a number of phishing test emails being opened and the link "being clicked on" when the DNS server is set to OpenDNS. I am not technical enough to understand how this would work.

Please help as it's messing with my stats.

3 Replies

rotblitz
Level 6

I do not believe that these phishing test emails are related to OpenDNS at all. And I do not understand what this would have to do with your stats. But I'm just a user and not ultimately in a position to answer this. Your best bet is to open a support ticket via the "Submit a request" link above.

Fact is that OpenDNS blocks access to phishing websites (not to phishing emails), i.e. sites which ask you to enter personal confidential information in order to steal it from you.

salvogreco
Level 1

I didn't think it mattered either, but I am getting these IP addresses that have a reverse that points to OpenDNS.

55.54.67.77.in-addr.arpa domain name pointer files.opendns.com.
52.54.67.77.in-addr.arpa domain name pointer block.opendns.com.
53.54.67.77.in-addr.arpa domain name pointer guide.opendns.com.
54.54.67.77.in-addr.arpa domain name pointer phish.opendns.com.

These are the domains that are opening the phishing test emails as well as clicking on the fake phishing links in the email.

The stats portion is to count the number of users that are clicking the phishing emails and not have a system click the link, which fouls the stats.

I have whitelisted the sending IP address in our mail servers and content filters, but I don't have that ability to whitelist it on OpenDNS.

This is why I am asking, HOW are these IP addresses listed above opening and clicking on my phishing test emails?
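
One way to keep clicks from the addresses listed above out of the per-user statistics is shown below. This is an added example, not part of the thread and not Wombat/Proofpoint or OpenDNS code. The PTR lines are the ones quoted in the post; the click records, their field names and the suffix list are constructed assumptions.

```python
import ipaddress
import re

# PTR answers exactly as quoted in the post above.
PTR_LINES = """\
55.54.67.77.in-addr.arpa domain name pointer files.opendns.com.
52.54.67.77.in-addr.arpa domain name pointer block.opendns.com.
53.54.67.77.in-addr.arpa domain name pointer guide.opendns.com.
54.54.67.77.in-addr.arpa domain name pointer phish.opendns.com.
"""

# Assumption: PTR suffixes treated as automated, not as a person clicking.
AUTOMATED_SUFFIXES = ("opendns.com",)
PTR_RE = re.compile(r"^(\S+)\.in-addr\.arpa\.?\s+domain name pointer\s+(\S+)$")


def parse_ptr_lines(text):
    """Map each IPv4 address to its PTR host name, from `host`-style output."""
    table = {}
    for line in text.splitlines():
        m = PTR_RE.match(line.strip())
        if not m:
            continue
        # in-addr.arpa names carry the octets in reverse order.
        ip = ipaddress.IPv4Address(".".join(reversed(m.group(1).split("."))))
        table[str(ip)] = m.group(2).rstrip(".").lower()
    return table


def is_automated(ip, ptr_table, suffixes=AUTOMATED_SUFFIXES):
    """True when the source IP's PTR name is, or sits under, a listed suffix."""
    host = ptr_table.get(ip, "")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def split_clicks(events, ptr_table):
    """Return (user_clicks, automated_clicks) for a list of click records."""
    users, automated = [], []
    for ev in events:
        (automated if is_automated(ev["src_ip"], ptr_table) else users).append(ev)
    return users, automated


# Constructed click records; field names are hypothetical, not Proofpoint's format.
SAMPLE_EVENTS = [
    {"recipient": "alice@example.com", "src_ip": "77.67.54.54"},
    {"recipient": "alice@example.com", "src_ip": "198.51.100.23"},
    {"recipient": "bob@example.com", "src_ip": "77.67.54.52"},
]
```

A PTR name is set by whoever controls the address block and, as the reply below notes, can be stale, so a match is a reason to leave a click out of the user count rather than proof of which system made it.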

 

rotblitz
Level 6

These four PTR entries are outdated, because the real IP addresses for these OpenDNS subdomains are all different around the globe.

Else no idea.  We other users cannot know.  As I said, you should open a support ticket.  You normally do not get responses from staff here in the forum, just from other users.