Hi Gang I just got a very strange email:
Received: from localhost by sma1.hc682-83.smtpi.com; 01 Jun 2026 00:42:37 +0530 Content-Type: text/html; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Message-Id: <[email protected]> From: =?utf-8?q?Cisco Reporting?= <[email protected]> Sender: [email protected] To: panizzon@XXXX Date: 01 Jun 2026 00:42:37 +0530 Subject: IronPort Spam Quarantine Notification In the email, there is a link leading to: https://dh657-euq1.smtpi.com/Message which again is operated by Cisco. Which shows an email (clearly a phishing email claiming to originate from DHL) in quarantine to my email address. On the top right I am greeted as a user, but when I try to log in for 'advanced remediation' I need to enter a password for my email address I don't know and there is no password recovery option. I found no way to display the email headers of that email in quarantine. As far as I know, I did not subscribe to such a service. But the sending email address: [email protected] has no MX but the IP points to cisco. So to me it looks like this is a fraudulent cisco customer trying to send me spam via the cisco infrastructure, cisco noticing this is spam and asking the RECIPIENT to confirm their customer is sending spam? But the actions don't make sense, I can only release the email (I suppose I would get it) or delete the email. There is no 'report as spam' button unless it is hidden behind the 'advanced' link which needs me to log-in with my alleged cisco account. I am inclined to consider this quarantine notification itself to be spam. Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________ _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
