Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-03-07 Thread John Levine via mailop
According to Cyril - ImprovMX via mailop : >If you send an email hosted by Mailgun and that is redirected, Mailgun will >add a DKIM header of the managed domain. >The problem is that if I send an email setting the "From" as the email >managed by Mailgun, the email will then have a valid DKIM signat

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-03-07 Thread Cyril - ImprovMX via mailop
op on behalf of Michael Peddemors > via mailop > *Sent:* Wednesday, January 11, 2023 7:37 PM > *To:* mailop@mailop.org > *Subject:* Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain > ?! > > host reflectiv.net > reflectiv.net has address 75.2.60.5 > reflect

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-01-12 Thread Nick Schafer via mailop
From: mailop on behalf of Michael Peddemors via mailop Sent: Wednesday, January 11, 2023 7:37 PM To: mailop@mailop.org Subject: Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?! host reflec

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-01-11 Thread Michael Peddemors via mailop
host reflectiv.net reflectiv.net has address 75.2.60.5 reflectiv.net mail is handled by 10 mxb.mailgun.org. reflectiv.net mail is handled by 10 mxa.mailgun.org. Ummm Now, it is pretty obvious that this is sent via MailGun, which of course needs to improve its outbound filters, seeing way t

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-01-11 Thread John Levine via mailop
It appears that Cyril - ImprovMX via mailop said: >Hi everyone! > >Today, I received a spam ("I got full access to your computer and installed >a trojan" kind of email). In general, I completely ignore these, but today >was different: > >The sender and recipient were my

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-01-11 Thread Cyril - ImprovMX via mailop
@Bill I was able to reproduce the original email I received without needing my credentials. They weren't compromised. On Wed, Jan 11, 2023, 23:20, Bill Cole via mailop wrote: > On 2023-01-11 at 16:29:51 UTC-0500 (Wed, 11 Jan 2023 22:29:51 +0100) > Peter N. M. Hansteen via mailop > is rumore

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-01-11 Thread Cyril - ImprovMX via mailop
Thank you everyone for your follow up. Your suggestion, Jarland, is very interesting. I also find it odd to have the sakura.ne.jp server appear out of nowhere! If it were to be a hack of my account, it would be Mailgun->Gmail, that's all. (well, I hope so) ... and, you put me on the right track!

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-01-11 Thread Bill Cole via mailop
On 2023-01-11 at 16:29:51 UTC-0500 (Wed, 11 Jan 2023 22:29:51 +0100) Peter N. M. Hansteen via mailop is rumored to have said: Generating a new, strong (long) password likely won't hurt, but it may not have been necessary. It is more likely that the miscreants injected the message somewhere tha

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-01-11 Thread Slavko via mailop
On 11 January 2023 21:00:50 UTC, user Cyril - ImprovMX via mailop wrote: >Hi everyone! > >Today, I received a spam ("I got full access to your computer and installed >a trojan" kind of email). In general, I completely ignore these, but today >was different: From time to time (once per 1

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-01-11 Thread Peter N. M. Hansteen via mailop
On Wed, Jan 11, 2023 at 10:00:50PM +0100, Cyril - ImprovMX via mailop wrote: > Hi everyone! > > Today, I received a spam ("I got full access to your computer and installed > a trojan" kind of email). In general, I completely ignore these, but today > was different: > > The sender and recipient we

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-01-11 Thread Mark Alley via mailop
Looking at it again, I agree with Todd and Jarland's hypothesis; Forwarding sounds more plausible than an API submission via compromised credentials in this case. I think that hit the nail on the head. This also correlates to one of Mailgun's product offerings

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-01-11 Thread Jarland Donnell via mailop
Is there some kind of forwarding address or something that would end up going through your mailgun account? The reason I ask is this header right here: Received: from reflectiv.net (os3-384-25366.vs.sakura.ne.jp [133.167.109.120]) by db739d28cce8 with SMTP id ; Wed, 11 Jan 2023 00:26:59 GMT

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-01-11 Thread Todd Herr via mailop
This looks like a message that maybe might've been sent to a reflectiv.net address (perhaps the one advertised on your website? contact at reflectiv.net?) and then automatically forwarded by Mailgun (which hosts inbound mail for reflectiv.net) to a Google account (since Mailgun probably doesn't do

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-01-11 Thread Mark Alley via mailop
Do you have an API ID and key/password for Mailgun somewhere that was compromised? Was it saved somewhere like a password manager (think Lastpass)? This looks as if the host submitted it directly to Mailgun, hence it passed all email authentication. On 1/11/2023 3:00 PM, Cyril - ImprovMX via m

[mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-01-11 Thread Cyril - ImprovMX via mailop
Hi everyone! Today, I received a spam ("I got full access to your computer and installed a trojan" kind of email). In general, I completely ignore these, but today was different: The sender and recipient were my own email! What's odd is that I did configure SPF (granted, with a "~") but also a DM