Re: Catch subtly-different Reply-To domain

2021-02-21 Thread John Hardin
On Sun, 21 Feb 2021, John Hardin wrote: On Sun, 21 Feb 2021, Dominic Raferd wrote: On 21/02/2021 20:09, Benny Pedersen wrote: On 2021-02-21 19:44, Dominic Raferd wrote: Presumably interfacefm.com has been hacked, but not to the extent that they can intercept incoming replies. I stand

Re: Catch subtly-different Reply-To domain

2021-02-21 Thread John Hardin
On Sun, 21 Feb 2021, Dominic Raferd wrote: On 21/02/2021 20:09, Benny Pedersen wrote: On 2021-02-21 19:44, Dominic Raferd wrote: Presumably interfacefm.com has been hacked, but not to the extent that they can intercept incoming replies. I stand corrected; but as they specify p=none, the

Re: Catch subtly-different Reply-To domain

2021-02-21 Thread Benny Pedersen
On 2021-02-21 23:00, Dominic Raferd wrote: p=none is an instruction from the domain controller *not* to reject emails from their domain even when they fail DMARC testing. So the end result is that this mail should pass through DMARC testing. remember dmarc can pass on spf pass only, even if

Re: Catch subtly-different Reply-To domain

2021-02-21 Thread Dominic Raferd
On 21/02/2021 20:09, Benny Pedersen wrote: On 2021-02-21 19:44, Dominic Raferd wrote: Presumably interfacefm.com has been hacked, but not to the extent that they can intercept incoming replies. I stand corrected; but as they specify p=none, the mail must still pass. in what way should it

Re: Catch subtly-different Reply-To domain

2021-02-21 Thread Benny Pedersen
On 2021-02-21 19:44, Dominic Raferd wrote: Presumably interfacefm.com has been hacked, but not to the extent that they can intercept incoming replies. I stand corrected; but as they specify p=none, the mail must still pass. in what way should it pass ? dmarc tests spf, dkim, and opendmarc

Re: Catch subtly-different Reply-To domain

2021-02-21 Thread Dominic Raferd
On 21/02/2021 17:37, RW wrote: On Sun, 21 Feb 2021 17:00:32 + Dominic Raferd wrote: On 21/02/2021 16:20, Benny Pedersen wrote: On 2021-02-21 17:00, RW wrote: On Sun, 21 Feb 2021 14:04:20 + Dominic Raferd wrote: On 21/02/2021 13:56, RW wrote: From: "Karen Howard" Reply-To:

Re: Catch subtly-different Reply-To domain

2021-02-21 Thread RW
On Sun, 21 Feb 2021 17:00:32 + Dominic Raferd wrote: > On 21/02/2021 16:20, Benny Pedersen wrote: > > On 2021-02-21 17:00, RW wrote: > >> On Sun, 21 Feb 2021 14:04:20 + > >> Dominic Raferd wrote: > >> > >>> On 21/02/2021 13:56, RW wrote: > >> > >>> >>> From: "Karen Howard" > >>>

Re: Catch subtly-different Reply-To domain

2021-02-21 Thread Dominic Raferd
On 21/02/2021 16:20, Benny Pedersen wrote: On 2021-02-21 17:00, RW wrote: On Sun, 21 Feb 2021 14:04:20 + Dominic Raferd wrote: On 21/02/2021 13:56, RW wrote: >>> From: "Karen Howard" >>> Reply-To: "Karen Howard" Yes this mail passed DMARC How did it pass DMARC when it has the

Re: Catch subtly-different Reply-To domain

2021-02-21 Thread Benny Pedersen
On 2021-02-21 17:00, RW wrote: On Sun, 21 Feb 2021 14:04:20 + Dominic Raferd wrote: On 21/02/2021 13:56, RW wrote: >>> From: "Karen Howard" >>> Reply-To: "Karen Howard" Yes this mail passed DMARC How did it pass DMARC when it has the domain being spoofed in the from header?

Re: Catch subtly-different Reply-To domain

2021-02-21 Thread RW
On Sun, 21 Feb 2021 14:04:20 + Dominic Raferd wrote: > On 21/02/2021 13:56, RW wrote: > >>> From: "Karen Howard" > >>> Reply-To: "Karen Howard" > Yes this mail passed DMARC How did it pass DMARC when it has the domain being spoofed in the from header?

Re: Google Forms spam

2021-02-21 Thread Benny Pedersen
On 2021-02-21 15:55, Alex wrote: It seems Google Forms is being used to send links to malicious sites and junk. It's making it through because of USER_IN_DEF_DKIM_WL. Is it time to remove Google/Gmail from this rule? adjust that score on dkim wl score USER_IN_DEF_DKIM_WL (4) (4) (4) (4)

Google Forms spam

2021-02-21 Thread Alex
Hi, It seems Google Forms is being used to send links to malicious sites and junk. It's making it through because of USER_IN_DEF_DKIM_WL. Is it time to remove Google/Gmail from this rule? Perhaps a meta that combines USER_IN_DEF_DKIM_WL with BAYES_99 adds the points back? Perhaps just blocking

Re: Catch subtly-different Reply-To domain

2021-02-21 Thread Dominic Raferd
On 21/02/2021 13:56, RW wrote: On Sun, 21 Feb 2021 11:28:51 +0100 Michael Storz wrote: On 2021-02-20 08:58, Dominic Raferd wrote: Is there a rule to catch cases where the domain of the Reply-To header is a subtle variant on that in the To header. Take this (real) example from a phishing

Re: Catch subtly-different Reply-To domain

2021-02-21 Thread RW
On Sun, 21 Feb 2021 11:28:51 +0100 Michael Storz wrote: > On 2021-02-20 08:58, Dominic Raferd wrote: > > Is there a rule to catch cases where the domain of the Reply-To > > header is a subtle variant on that in the To header. Take this > > (real) example from a phishing email sent yesterday: >

Re: Catch subtly-different Reply-To domain

2021-02-21 Thread Michael Storz
On 2021-02-20 08:58, Dominic Raferd wrote: Is there a rule to catch cases where the domain of the Reply-To header is a subtle variant on that in the To header. Take this (real) example from a phishing email sent yesterday: From: "Karen Howard" Reply-To: "Karen Howard" I realise that other