Hi,
>> https://pastebin.com/raw/Fv5NKRAP
>>
>> Anyone able to take a look and provide ideas on how to block them? It
>> passes with DKIM_VALID_AU, RCVD_IN_SENDERSCORE_90_100 and SPF_PASS.
>>
>> It's missing headers, and I've written a rule to account for that, but
>> it would be great to have some
On 15 May 2018, at 20:27, Alex wrote:
Hi,
We received another of those phishes as a result of a compromised O365
account.
https://pastebin.com/raw/Fv5NKRAP
Anyone able to take a look and provide ideas on how to block them? It
passes with DKIM_VALID_AU, RCVD_IN_SENDERSCORE_90_100 and SPF_PAS
On Tue, 15 May 2018, David B Funk wrote:
On Tue, 15 May 2018, Alex wrote:
[snip..]
Train bayes, look for custom URIBL lists that might hit that powned
website.
I wasn't referring to the site that was the source of the message but the
website that was hosting that PHISH login page.
(EG that
David B Funk schrieb am 10.05.2018 um 20:23:
On Thu, 10 May 2018, John Hardin wrote:
On Thu, 10 May 2018, Matthew Broadhead wrote:
On 09/05/18 20:43, David Jones wrote:
On 05/09/2018 01:29 PM, Matthew Broadhead wrote:
On 09/05/18 16:37, Reindl Harald wrote:
quoting URIBL_BLOCKED is a joke
On 05/15/2018 08:26 PM, David B Funk wrote:
On Tue, 15 May 2018, Alex wrote:
Hi,
We received another of those phishes as a result of a compromised O365
account.
https://pastebin.com/raw/Fv5NKRAP
Anyone able to take a look and provide ideas on how to block them? It
passes with DKIM_VALID_AU
Alex skrev den 2018-05-16 02:27:
https://pastebin.com/raw/Fv5NKRAP
reduce whitelist scores
raise scores on spam, for the remaining tags
put into corpus testing, to hope scores will begin to score it as spam
