Jakub: I’ll follow up with you off-list. Thanks!
---
Nicolas Webb
Email Postmaster
Amazon Simple Email Service (SES)

On 3/17/17, 2:15 AM, "mailop on behalf of Jakub Olexa" <mailop-boun...@mailop.org on behalf of ja...@mailkit.eu> wrote:

Hi,

we've come across some odd messages hitting spam traps coming from amazonses but pretending to be amazon.com messages. There is a possible security flaw in the SPF for amazon.com permitting amazonses.com to send email on behalf of amazon.com and making it vulnerable to phishing.

Here is a sample message:

Return-Path: <deliverability.te...@amazon.com>
Delivered-To: spam...@excello.cz
Received: from posta.excello.cz
    by posta.excello.cz (Dovecot) with LMTP id +XS2LEpXyli9GwAA3RyBeg
    for <spam...@excello.cz>; Thu, 16 Mar 2017 10:13:46 +0100
Received: from bq.virusfree.cz (bq.virusfree.cz [IPv6:2001:67c:15a2::b])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by posta.excello.cz (Postfix) with ESMTPS id 977092C9CB8
    for <s...@virusfree.cz>; Thu, 16 Mar 2017 10:13:46 +0100 (CET)
Received: (qmail 5623 invoked from network); 16 Mar 2017 10:13:46 +0100
Received: from bq.virusfree.cz by bq.virusfree.cz
    (VF-Scanner: Clear:RC:0(54.240.11.93):; processed in 0.0 s);
    16 Mar 2017 09:13:46 +0000
X-VF-Scanner-Mail-From: deliverability.te...@amazon.com
X-VF-Scanner-Rcpt-To: s...@virusfree.cz
X-VF-Scanner-ID: 20170316091346.429791.5384.bq.0
Received: from a11-93.smtp-out.amazonses.com (54.240.11.93)
    by bx.virusfree.cz with ESMTPS (TLSv1, ECDHE-RSA-AES128-SHA);
    16 Mar 2017 10:13:46 +0100
Received-SPF: pass (bq: domain of amazon.com designates 54.240.11.93 as permitted sender)
    client-ip=54.240.11.93; envelope-from=deliverability.te...@amazon.com;
    helo=a11-93.smtp-out.amazonses.com;
From: deliverability.te...@amazon.com
Content-Type: text/plain
Subject: Account update
Date: Thu, 16 Mar 2017 09:04:04 +0000
Message-ID: <0100015ad65c1837-5fe81fb9-a931-468e-b8c1-17f72806f2dd-000...@email.amazonses.com>
To: bobbr...@250ok.co
X-250ok-CID: amazon2017.03.16-54.240.11.93
X-SES-Outgoing: 2017.03.16-54.240.11.93

Thanks for visiting Amazon.com! Per your request: You have successfully changed your password. Visit Your Account at Amazon.com to view your orders, make changes to any order that hasn't yet entered the shipping process, update your subscriptions, and much more. Should you need to contact us for any reason, please know that we can give out order information only to the name and e-mail address associated with your account. Thanks again for shopping with us.

--
Jakub Olexa
Mailkit s.r.o.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
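
A receiver-side check for the pattern reported in this thread, as an added example that is not part of the original messages: it flags mail whose SPF result is "pass" for the envelope domain while the HELO host belongs to a shared sending platform and no DKIM signature covers the From domain. The function names, the SHARED_SENDER_DOMAINS list and the DKIM-signed test variant are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample: a subset of the headers quoted in the thread
# (addresses appear truncated there and are kept that way).
SAMPLE = """\
Return-Path: <deliverability.te...@amazon.com>
Received-SPF: pass (bq: domain of amazon.com designates 54.240.11.93 as
 permitted sender) client-ip=54.240.11.93;
 envelope-from=deliverability.te...@amazon.com;
 helo=a11-93.smtp-out.amazonses.com;
From: deliverability.te...@amazon.com
Subject: Account update

Thanks for visiting Amazon.com!
"""

# Assumption: a locally maintained list of shared sending platforms.
SHARED_SENDER_DOMAINS = ("amazonses.com",)

def under(host, domain):
    """True if host equals domain or is a subdomain of it."""
    return bool(domain) and (host == domain or host.endswith("." + domain))

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].strip(" <>").lower()

def parse_received_spf(value):
    """Split a Received-SPF header into (result, key/value pairs)."""
    value = " ".join(value.split())           # unfold continuation lines
    result = value.split(" ", 1)[0].lower()
    pairs = re.sub(r"\([^)]*\)", "", value)   # drop the explanatory comment
    return result, dict(re.findall(r"([\w-]+)=([^;\s]+)", pairs))

def dkim_domains(msg):
    sigs = msg.get_all("DKIM-Signature", [])
    return {m.group(1).lower() for s in sigs
            if (m := re.search(r"\bd=([^;\s]+)", s))}

def assess(raw):
    msg = message_from_string(raw)
    result, kv = parse_received_spf(msg.get("Received-SPF", ""))
    env = domain_of(kv.get("envelope-from", ""))
    helo = kv.get("helo", "").lower()
    from_dom = domain_of(msg.get("From", ""))
    shared = any(under(helo, d) for d in SHARED_SENDER_DOMAINS)
    # SPF pass via a shared platform, with no DKIM signature for the From domain
    flag = (result == "pass" and shared and not under(helo, env)
            and from_dom not in dkim_domains(msg))
    return {"spf": result, "envelope_domain": env, "helo": helo,
            "from_domain": from_dom, "flag": flag}
```
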