Looks like a compromised mailbox from the Generalitat de Catalunya (aka
the state government). They use Ironport as a gateway. I'll ping some
contacts and let them know.
On 2/14/25 4:26 PM, Benoît Panizzon via mailop wrote:
Hi Gang
I have come across a couple of spam mails which seem to have taken a
strange path:
This is generated by our platform, so a header I can trust. Also, that
Ironport IP is on many whitelists as a trusted sender.
Received: from esa.hc489-80.eu.iphmx.com (esa.hc489-80.eu.iphmx.com
[207.54.69.189])
by asterix.imp.ch (Postfix) with ESMTP id D7586C7B3B
for <mailer-dae...@asterix.imp.ch>; Fri, 14 Feb 2025 16:08:35
+0100 (CET)
These are the next Received headers (removed all those Outlook / Microsoft-
specific headers in between).
--- snipp ---
Received: from mail-northeuropeazlp17012026.outbound.protection.outlook.com
(HELO DU2PR03CU002.outbound.protection.outlook.com) ([40.93.64.26])
by ob1.hc489-80.eu.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14
Feb 2025 16:08:33 +0100
Received: from DU0PR03MB8390.eurprd03.prod.outlook.com (2603:10a6:10:3ba::5)
by DB9PR03MB7386.eurprd03.prod.outlook.com (2603:10a6:10:22e::11) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8445.16; Fri, 14 Feb
2025 15:08:11 +0000
Received: from DU0PR03MB8390.eurprd03.prod.outlook.com
([fe80::75cc:1dd2:1209:d04e]) by DU0PR03MB8390.eurprd03.prod.outlook.com
([fe80::75cc:1dd2:1209:d04e%4]) with mapi id 15.20.8445.008; Fri, 14 Feb 2025
15:08:11 +0000
From: "Franco Emiliano, Gemma" <gemmafra...@gencat.cat>
Subject: AW: Kreditangebot
--- snapp ---
Either all the Microsoft headers are fake, or this was routed from Microsoft
through Ironport to send spam from a reputable IP address?
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
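
Added example, not part of either message in the thread: a Python sketch of the reasoning above, which treats only Received lines stamped by a host you operate as evidence and checks the remaining lines for time ordering and hand-off continuity. The Received values are copied from the thread; the function names and the `own_hosts` parameter are assumptions made for this illustration.

```python
import re
from email.utils import parsedate_to_datetime

# Received values copied from the thread (unfolded), newest first, i.e. the
# order email.message.Message.get_all("Received") would return them.
RECEIVED = [
    "from esa.hc489-80.eu.iphmx.com (esa.hc489-80.eu.iphmx.com [207.54.69.189]) by asterix.imp.ch (Postfix) with ESMTP id D7586C7B3B for <mailer-dae...@asterix.imp.ch>; Fri, 14 Feb 2025 16:08:35 +0100 (CET)",
    "from mail-northeuropeazlp17012026.outbound.protection.outlook.com (HELO DU2PR03CU002.outbound.protection.outlook.com) ([40.93.64.26]) by ob1.hc489-80.eu.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Feb 2025 16:08:33 +0100",
    "from DU0PR03MB8390.eurprd03.prod.outlook.com (2603:10a6:10:3ba::5) by DB9PR03MB7386.eurprd03.prod.outlook.com (2603:10a6:10:22e::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8445.16; Fri, 14 Feb 2025 15:08:11 +0000",
    "from DU0PR03MB8390.eurprd03.prod.outlook.com ([fe80::75cc:1dd2:1209:d04e]) by DU0PR03MB8390.eurprd03.prod.outlook.com ([fe80::75cc:1dd2:1209:d04e%4]) with mapi id 15.20.8445.008; Fri, 14 Feb 2025 15:08:11 +0000",
]

HOP = re.compile(r"from\s+(?P<frm>\S+)(?P<info>.*?)\bby\s+(?P<by>\S+)", re.S)
BRACKET_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def parse_hop(value):
    """Split one Received value into claimed sender, peer IP, receiver, time."""
    clauses, _, stamp = value.rpartition(";")
    m = HOP.search(clauses)
    if m is None:
        raise ValueError("unparseable Received value: " + value[:40])
    ip = BRACKET_IP.search(m["info"])
    return {"from": m["frm"].lower(), "ip": ip.group(1) if ip else None,
            "by": m["by"].lower(), "time": parsedate_to_datetime(stamp.strip())}

def analyse(received, own_hosts, max_skew=60):
    """Walk the chain oldest-first and separate evidence from claims."""
    hops = [parse_hop(v) for v in reversed(received)]
    findings = []
    for older, newer in zip(hops, hops[1:]):
        # A later hop stamped well before an earlier one suggests tampering
        # or a badly skewed clock.
        if (older["time"] - newer["time"]).total_seconds() > max_skew:
            findings.append(("time-reversal", older["by"], newer["by"]))
        # The receiver of one hop should be the sender of the next; a
        # mismatch means missing lines or distinct in/out hostnames.
        if older["by"] != newer["from"]:
            findings.append(("unlinked", older["by"], newer["from"]))
    # Only lines written by hosts we operate are evidence; the rest is
    # whatever the upstream sender chose to put in the message.
    trusted = [h for h in hops if h["by"] in own_hosts]
    return hops, trusted, findings

if __name__ == "__main__":
    hops, trusted, findings = analyse(RECEIVED, {"asterix.imp.ch"})
    for h in trusted:
        print("verified hand-off:", h["ip"], "->", h["by"], h["time"])
    for f in findings:
        print(*f)
```

On these four lines the only corroborated fact is the delivery from 207.54.69.189 to asterix.imp.ch; the two "unlinked" hand-offs are consistent with the snipped headers and with separate inbound and outbound hostnames, and do not by themselves show forgery.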