@Bill I was able to reproduce the original email I received without needing my credentials. They weren't compromised.
Le mer. 11 janv. 2023, 23:20, Bill Cole via mailop <[email protected]> a écrit : > On 2023-01-11 at 16:29:51 UTC-0500 (Wed, 11 Jan 2023 22:29:51 +0100) > Peter N. M. Hansteen via mailop <[email protected]> > is rumored to have said: > > > Generating a new, strong (long) password likely won't hurt, but it may > > not > > have been necessary. It is more likely that the miscreants injected > > the > > message somewhere that does not lend much weight to things like SPF, > > but > > Nope. The Google-generated authentication headers confirm that it came > from Mailgun and had a valid signature from the domain reflectiv.net, > which matches the domain in the Return Path and both To and From > headers. Everything above the DKIM-Signature header is (normal) > Google-generated authentication and trace information. > > The OP's SPF record includes Mailgun's SPF. Their Mailgun credentials > were compromised. > > > -- > Bill Cole > [email protected] or [email protected] > (AKA @grumpybozo and many *@billmail.scconsult.com addresses) > Not Currently Available For Hire > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop >
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
