Just a heads up… Seems I’m getting IngramMicro spam phishing attempts passing DKIM/SPF so probably a hacked account there sending email: [2022.10.21] 18:40:35.911 [37157707] [148.163.152.203] Valid reverse DNS entry found: mx0b-0021cb01.pphosted.com [2022.10.21] 18:40:36.536 [37157707] Running SPF check [2022.10.21] 18:40:36.536 [37157707] Finished SPF check; result = Pass [2022.10.21] 18:40:36.536 [37157707] [DKIM] Performing DKIM check... [2022.10.21] 18:40:36.552 [37157707] [DKIM] Result: Good. [2022.10.21] 18:40:38.083 [37157707] Spam Checks took 2161 ms [2022.10.21] 18:40:38.083 [37157707] Spam Checks completed.
Headers: Return-Path: <prvs=72936fc46a=aexpressaq...@ingrammicro.com> Received: from mx0b-0021cb01.pphosted.com (mx0b-0021cb01.pphosted.com [148.163.152.203]) by smartermail.truenet.com with SMTP (version=TLS\Tls12 cipher=Aes256 bits=256); Fri, 21 Oct 2022 18:40:30 -0400 Received: from pps.filterd (m0096139.ppops.net [127.0.0.1]) by mx0b-0021cb01.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 29LLW5Dl031862; Fri, 21 Oct 2022 15:38:15 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ingrammicro.com; h=message-id : reply-to : from : to : subject : date : mime-version : content-type; s=PPS-Aug2020; bh=KMWrk6rOSKKUSW/SA9MDwca6MwSSasYRpvGaeP5JQZE=; b=OmsimosZ9NIqdbr59AnmGipXTQVyuwCmSS7glFFIUFrCAqzATh0djj5ZJE1aSywsblsR LUBj/rRC2x6hNivvxONfpnFnIUGanVmFEmFr7EwTG7YNlT+xaU9qqYynlW4ZnI4CbrGm 5J83FuQecT26/LxWAbmDcI6lnYpLxvz/wfENDueoEaMyrWy6ApH6gv7jEZlnx/i6/dGl bG99ccz0fxe73QlVO5Ng3Gvfx//dUUujLZ5sTxF+dLz+h50yd/1A7gOK8f8dPu5/Xuz1 9vm7uyZpwzWoB7JVhWd1dCvvPk7lDhVBTW8gbOApA6JEpD6tZNkjrhbvjVAnRephy+UM jg== Received: from mailrelay.ingrammicro.com (smtp1202.ingrammicro.com [64.40.229.202]) by mx0b-0021cb01.pphosted.com (PPS) with ESMTPS id 3kbyv9sdyp-20 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 21 Oct 2022 15:38:15 -0700 Received: from USCHIZWXCH1203.corporate.ingrammicro.com (10.22.120.203) by USCHIZWXCH1202.corporate.ingrammicro.com (10.22.120.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.9; Fri, 21 Oct 2022 15:38:13 -0700 Received: from lsmtp33.ingrammicro.com (10.133.22.108) by uschizrelay.corporate.ingrammicro.com (10.22.120.203) with Microsoft SMTP Server id 15.1.2507.9 via Frontend Transport; Fri, 21 Oct 2022 15:38:08 -0700 Message-ID: <ae8b5543b773595271df46ed19d913193f56f...@ingrammicro.com> Reply-To: AEX <bounceus.579786...@service.americanexpress.com> From: AEX <aexpressaq...@ingrammicro.com> To: <je...@medallionfoundation.org> Subject: American Express Alert: Card Dispute Notice Date: Fri, 21 Oct 2022 18:38:40 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0a0c45ee1adef4fb08a2eb445095ba0223e9" X-Proofpoint-ORIG-GUID: theT2AhoXJXb9CDUOt1sYWwZM47wrZCp X-Proofpoint-GUID: theT2AhoXJXb9CDUOt1sYWwZM47wrZCp X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=25 mlxlogscore=47 priorityscore=1501 bulkscore=0 malwarescore=0 suspectscore=0 spamscore=25 adultscore=0 phishscore=34 clxscore=1011 lowpriorityscore=0 impostorscore=0 mlxscore=25 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2209130000 definitions=main-2210210131 Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop