On Tue, 23 Feb 2021 13:41:58 -0800 (PST)
John Hardin wrote:
> On Tue, 23 Feb 2021, Dan Malm wrote:
>
> > On 2021-02-23 16:29, John Hardin wrote:
> >> On Tue, 23 Feb 2021, Dan Malm wrote:
> >>> Received: from onecom-webmail1 (service.pub.appspod1-cph3.one.com
> >>> [ ])
> >>> by mailrelay3
On Tue, 23 Feb 2021, Ricky Boone wrote:
Seeing an interesting phishing campaign that appears to be
personalizing components of the message and URL endpoints to
potentially get around blacklists and other filters. Unfortunately I
can't share the exact example publicly without effectively
On Tue, 23 Feb 2021, Dan Malm wrote:
On 2021-02-23 16:29, John Hardin wrote:
On Tue, 23 Feb 2021, Dan Malm wrote:
On 2021-02-19 16:13, John Hardin wrote:
On Fri, 19 Feb 2021, Dan Malm wrote:
I have a system that received mail from a webmail product that adds a
X-Originating-IP header with
On 2021-02-23 20:51, Ricky Boone wrote:
* Examples I'm seeing have nearly blank message, and an HTML
attachment with a JavaScript window.location.href redirect related to
the attacker URL.
* Attacker is leveraging SendGrid
i have local clamav signature to catch html attachment
inspiration
Seeing an interesting phishing campaign that appears to be
personalizing components of the message and URL endpoints to
potentially get around blacklists and other filters. Unfortunately I
can't share the exact example publicly without effectively recreating
the email, but here's a summary of
On 2021-02-23 16:14, Dan Malm wrote:
X-Originating-IP: 46.30.211.29
User-Agent: One.com webmail 39.4.34
Message-ID: <161373401.26136.389428@webmail1>
this ip is not pbl listed
if it was i would meta rule it
On 2021-02-23 16:29, John Hardin wrote:
> On Tue, 23 Feb 2021, Dan Malm wrote:
>
>> On 2021-02-19 16:13, John Hardin wrote:
>>> uOn Fri, 19 Feb 2021, Dan Malm wrote:
>>>
I have a system that received mail from a webmail product that adds a
X-Originating-IP header with the IP of the
On Tue, 23 Feb 2021, Dan Malm wrote:
On 2021-02-19 16:13, John Hardin wrote:
uOn Fri, 19 Feb 2021, Dan Malm wrote:
I have a system that received mail from a webmail product that adds a
X-Originating-IP header with the IP of the webmail user.
Since Spamassassin for some reason considers that
On 2021-02-19 16:13, John Hardin wrote:
> uOn Fri, 19 Feb 2021, Dan Malm wrote:
>
>> I have a system that received mail from a webmail product that adds a
>> X-Originating-IP header with the IP of the webmail user.
>>
>> Since Spamassassin for some reason considers that to be a
>> Received-header
On 22/02/2021 15:45, Dominic Raferd wrote:
On 22/02/2021 15:05, RW wrote:
On Sun, 21 Feb 2021, Dominic Raferd wrote:
Michael's suggestion is interesting. There is a github project
allowing Levenshtein numbers to be calculated and used in SA, I
will see if there is a way to apply it in this
10 matches
Mail list logo