On 2023-01-11 at 16:29:51 UTC-0500 (Wed, 11 Jan 2023 22:29:51 +0100) Peter N. M. Hansteen via mailop <[email protected]> is rumored to have said:
Generating a new, strong (long) password likely won't hurt, but it may not have been necessary. It is more likely that the miscreants injected the message somewhere that does not lend much weight to things like SPF, but
Nope. The Google-generated authentication headers confirm that it came from Mailgun and had a valid signature from the domain reflectiv.net, which matches the domain in the Return Path and both To and From headers. Everything above the DKIM-Signature header is (normal) Google-generated authentication and trace information.
The OP's SPF record includes Mailgun's SPF. Their Mailgun credentials were compromised.
-- Bill Cole [email protected] or [email protected] (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
