CloudFilter is Proofpoint, right? We still get tons of spam from them. Not sure if this is related to this echospoofing, but we just got a pretty big wave.

Received: from omta040.useast.a.cloudfilter.net (omta040.useast.a.cloudfilter.net [44.202.169.39]) by mx.emailarray.com (Haraka/2.8.21) with ESMTPS id 6075B447-619F-4FE2-94FB-B6B586F92374.3 envelope-from (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 verify=FAIL); Thu, 01 Aug 2024 16:19:30 -0400
Received: from eig-obgw-6009a.ext.cloudfilter.net ([10.0.30.184]) by cmsmtp with ESMTPS id ZYIHspqDRnNFGZcGnsTR6p; Thu, 01 Aug 2024 20:19:29 +0000
Received: from cp-in-14.webhostbox.net ([103.50.162.147]) by cmsmtp with ESMTPS id ZcGksNXf0oaMiZcGlsDN9r; Thu, 01 Aug 2024 20:19:28 +0000
X-Authority-Analysis: v=2.4 cv=deKG32Xe c=1 sm=1 tr=0 ts=66abedd0 a=+OZ35jC+7F35rNibgVyYDA==:117 a=jZ5zol7y3lBdV6rxEGevAg==:17 a=MKtGQD3n3ToA:10 a=yoJbH4e0A30A:10 a=5KLPUuaC_9wA:10 a=M51BFTxLslgA:10 a=A4EqBspgoKYA:10 a=n9Fe_nV6AAAA:8 a=x8JhEuIrCajjPMggPtkA:9 a=PEF53iIozS7NwpkX:21 a=_W_S_7VecoQA:10 a=lqcHg5cX4UMA:10 a=xOl7BDxbbtdmDN2MprIA:9 a=HXjIzolwW10A:10 a=T6a71-JsGAwA:10 a=wlHTxKAh8-WCeF7hZiUK:22 a=WVAGjVSKdBBTa5aWMILr:22 a=WIq2oDtJ_6PiUi2x2ys3:22
Received: from [45.137.126.85] (port=62285 helo=[185.198.243.176]) by cp-in-14.webhostbox.net with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96.2) (envelope-from ) id 1sZcGi-002goN-2w

On Wednesday, 31/07/2024 at 10:10 Bill Cole via mailop wrote:

On 2024-07-31 at 03:41:49 UTC-0400 (Wed, 31 Jul 2024 08:41:49 +0100 (BST)) Andrew C Aitchison via mailop is rumored to have said:

On Wed, 30 Jul 2024, John Levine via mailop wrote:

It appears that Jaren Angerbauer via mailop said:

$dayjob is Proofpoint -- I have been heavily involved with this. We have gone to great lengths to raise awareness with customers and get them to correctly configure their systems. Ultimately up to them though, despite our warnings of potential consequences for not doing this.
Our response to Guardio's article: https://www.proofpoint.com/us/blog/threat-insight/scammer-abuses-microsoft-365-tenants-relaying-through-proofpoint-servers-deliver

Sounds like it's the usual problem -- once the mail seems to work, no amount of nagging will get them to change anything until it visibly breaks.

Maybe the problem is that having bought in an outside service there is no one left in-house with the technical experience* to do anything beyond the day-to-day stuff?

This is a problem intrinsic to email outsourcing. The sales pitch from filtering and mailbox providers has broadly been "Come to us and you can fire your cranky old expensive sysadmins." So many did just that. But of course, the excellent sysadmins at places like Proofpoint, Barracuda, GMail, and Microsoft are spread so thin and have so little engagement with customers that they might as well not exist. That blog post Jaren referenced describes the result: reactive security rather than preventative and reliance on customers' technically weak staff to make a potentially breaking config change to a function that they clearly misunderstood when it was set up.

[email protected] or [email protected]
(AKA @[email protected] and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
