The DKIM signature looks valid. On Mon, Nov 14, 2022 at 3:43 PM Alan Hodgson <ahodg...@lists.simkin.ca> wrote:
> On Mon, 2022-11-14 at 15:14 -0500, Shawn Iverson wrote: > > How do I stop this? paypal.com is in the default DKIM whitelist! > > > > That message really looks like it came from Paypal and then was > forwarded by Microsoft to your server. Was it really a fake? That's a > lot of headers to fake if so. > > If it was really fake and that paypal-supplied DKIM signature doesn't > validate (I didn't check that), then checking DMARC when you receive > mail and rejecting on p=reject failures would block it. >
