I know Cloudflare uses Sparkpost's infra to send replies from their
abuse desk system, which is likely what you're seeing.
Received: from mta-87-157.sparkpostmail.com ([192.174.87.157])
by safari.mxrouting.net with esmtps (TLS1.2) tls
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
(Exim 4.96-58-g4e9ed49f8)
(envelope-from<msprvs1=19814xF2cWR4F=bounces-265...@notify.cloudflare.com>)
id 1roj7P-0002sE-3D
Subject: [a765c4b07061f747] Cloudflare: Abuse report confirmation
On 5/13/24 5:04 PM, Benoit Panizzon via mailop wrote:
Hi all
Our customers increasingly get phishing emails targeting our email
platform accessible under the domain: Cloudflare-ipfs.com
(interplanetary file system, I guess that is their name for CNS).
I reported some of those to the cloudflare abuse desk.
To my surprise, after usually 1 or two days I get a replies From:
"Cloudflare"<ab...@sparkpostmail.com> about them blocking some of the
single URL we report.
So is sparkpostmail.com linked to cloudflare?
Unfortunately the basic issue is not being addressed. The phishers
seem to be able to generate new URI under cloudflare-ipfs.com much
faster thanab...@spakpostmail.com is able to block them.
Even SpamAssassin now has a rule matching those:
URI_CLOUDFLAREIPFS References Interplanetary File System PtP
content via CloudFlare, likely phishing
Mit freundlichen Grüssen
-Benoît Panizzon-
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
