Hi Team Anyone else seeing all those phishing emails being set with valid DKIM signature and passing SPF from the domain:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=diplomatie.gov.tn Sent from some IP in Range: 197.10.243.0/24 relayed via maemail20.gwout.tn [41.231.50.61] diplomatie.gov.tn descriptive text "v=spf1 include:_spf.diplomatie.gov.tn -all" _spf.diplomatie.gov.tn descriptive text "v=spf1 ip4:193.95.97.0/24 ip4:193.95.66.0/26 ip4:196.203.249.0/24 ip4:196.203.250.0/24 ip4:193.95.2.14/32 ip4:193.95.67.14/32 ip4:196.203.233.0/24 ip4:41.231.50.0/24 ip4:197.10.250.0/24 ip4:196.203.233.0/24 ip4:197.10.243.129/26" Seeing multiple connection/minute right now, mostly devlivery attempts to bogus email addresses. I'm going to block: 41.231.50.61 -- Mit freundlichen Grüssen -Benoît Panizzon- @ HomeOffice und normal erreichbar -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________ _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
