On Tue 10/Dec/2024 23:23:51 +0100 Andrew C Aitchison wrote:
On Tue, 10 Dec 2024, Michael Peddemors via mailop wrote:

Ouch.. getting even harder for recipient spam protections to catch this guy, given that o365 is also a 'too big to block'..

Standard Paypal Phone Scam we have seen coming from PayPal's own infrastructure.. But now via o365.. redacted headers below..

(PayPal should have stopped this at the source long ago)

Maybe someone from o365 can confirm this..

(Also, a duplicate Return-Path problem)

DKIM-Signature: v=1; a=rsa-sha256; d=paypal.com; s=pp-dkim1; c=relaxed/relaxed;
    q=dns/txt; i=@paypal.com; t=1733837110;
    h=From:From:Subject:Date:To:MIME-Version:Content-Type;
    bh=4Bo+xEAj0oIFcgcXBsH4ZnETeria/8Hb5NVyfSlIlRE=;
    b=J9gaiwmVtu2IwmWXt/DLX1M2PT1cqg2QgfzcQL0bjGpEjM+qf1bZKNquNonM0yUy
    A5kq/qTWa0nVF74UCu4H+fPmmPfCEZ8ay8c30nA8l8s4CTVgg1arwjUHxeO60ZZ7
    feTp3T41+M6qrsgFAGkGU6FGrmwucVCgtvhONS0vq3cNMwXvm7nMAuaSE45MPRsN
    22JVgGMW3zMAQZEMgz1euMlXcmlwFoI5rnXo28E6usdq/jpZR/jq2Cq9k5QJPEvF
    XE5QUY1yA4CwEy+awtojNwsm/B22e7sKozUkWpJPRaElrkKIGUuSadGkk07c+oCM
    ECqgrKIHXb8KaospjDRdag==;

Ah yes, h= does not include Message-ID :-(


It wouldn't be a problem to replay a message preserving Message-ID.

The weak point is to allow the sender's note to cheat, giving the phish number as if it were Paypal's. I understand Paypal don't want to put their own phone number for people to call whenever in doubt. However, they could put advice saying so, and where to report abuse.

Best
Ale
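
An added example, not part of the thread or code from any of its participants: a small Python audit of the h= tag in the DKIM-Signature quoted above, reporting which headers the signature covers, which it oversigns, and which it leaves out. The WATCHED list and the PRESENT header counts are assumptions constructed for the example; bh= and b= are omitted because nothing is verified here.

```python
import re

# DKIM-Signature value quoted in the thread; bh=/b= omitted, only tags are read.
SIG = """v=1; a=rsa-sha256; d=paypal.com; s=pp-dkim1; c=relaxed/relaxed;
    q=dns/txt; i=@paypal.com; t=1733837110;
    h=From:From:Subject:Date:To:MIME-Version:Content-Type;
    bh=(omitted); b=(omitted);"""

# Headers a receiver may care about (an assumption of this example).
WATCHED = ["From", "To", "Cc", "Subject", "Date", "Message-ID", "Reply-To", "Sender"]

# Constructed: how often each header occurs in the message being checked.
PRESENT = {"From": 1, "To": 1, "Subject": 1, "Date": 1, "Message-ID": 1}

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        name, _, val = part.partition("=")
        # Folding whitespace inside a value is not significant.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def audit_h(value, present):
    """Classify each watched header by how the h= tag covers it."""
    signed = [h.lower() for h in parse_tags(value).get("h", "").split(":") if h]
    report = {}
    for name in WATCHED:
        listed = signed.count(name.lower())
        if listed == 0:
            # Not in h=: can be added or changed without breaking the signature.
            report[name] = "unsigned"
        elif listed > present.get(name, 0):
            # Listed more often than present: adding another instance breaks it.
            report[name] = "oversigned"
        else:
            report[name] = "signed"
    return report

if __name__ == "__main__":
    for header, status in audit_h(SIG, PRESENT).items():
        print(f"{header:12} {status}")
```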