On 10/05/2018, 15:54, "David Jones" <djo...@ena.com> wrote:

    They do. I saw an example a few weeks ago.

    >Paul Stead claims to have seen it, but it's important to positively
    >identify it as spoofing and not hacking.

    Not sure what the difference is from a mail filtering perspective.  From
    Microsoft's perspective it is both.  A spammer got someone's password
    and started sending a bunch of invoice phishing emails pretending to be
    a local construction company that happens to host their email on O365 so
    their SPF record is good.

I agree this scenario seems unlikely. I can't find any example, and I have done 
some testing myself.

Seems that O365 will return

550 5.7.60 SMTP; Client does not have permissions to send as this sender

if the SMTP From is anything but an accepted address for that user in the 
domain controlled with O365.

I was convinced I had seen this scenario, but without the evidence I'll have to 
chalk it up to bad memory.

Paul

--
Paul Stead
Senior Engineer (Tools & Technology)
Zen Internet
Direct: 01706 902018
Web: zen.co.uk
