Can anyone who may have worked at MS, AWS, Google speak to whether these giants with their Ai actually scan outbound email from their very own relay/edge servers? Or do they forgo doing so because its their “customers” emails?
Sent from my iPhone > On Feb 7, 2025, at 1:12 PM, Kris Deugau <kdeu...@vianet.ca> wrote: > > Dave Funk wrote: >> The examples of this scam that I've seen use that same PayPal comment tactic >> but then route it to an Office-365 mailbox which has a redirect to the >> victim's address. >> So the resultant message has both PayPal & O-365 valid DKIM signatures; not >> to mention the multiple KB of O-365 header cruft which makes it hard to >> trace the original source. > > Just to throw some extra, um, "joy" into this conversation... > > I've just seen a sample, received directly by our spam filter tuning role > account, that first travelled through a Google account (probably GMail, if > I've unwound the headers right), which forwarded to the > compromised/scammer-owned M365 tenant, which forwarded to us (and who knows > who all else. > > I'll report it to PayPal, Google, and MS, but watch as nothing happens... > > GNGGNGNGNGNNNNNNNNNGGH..... > > -kgd
