Re: Why was USER_IN_DEF_SPF_WL triggered on this email, even though it's spam?

2023-03-20 Thread Greg Troxel
Bill Cole writes: > It can happen, particularly when a listed domain changes the way they > send email. I'm not sure I understand exactly what Dropbox is doing > here or how it is possible for a user to masquerade as PayPal, but I > suspect this is a new service of some sort. It seems to be a n

Re: Dropbox invoice phishing

2023-03-20 Thread jason hirsh
Technically you pommel m > On Mar 20, 2023, at 5:34 PM, Mark London wrote: > > Dropbox now has an invoice feature that allows you to create a customized > invoice. So what this person did was to create an invoice that looks like > it’s coming from PayPal. Except for the fact that the From

Dropbox invoice phishing

2023-03-20 Thread Mark London
Dropbox now has an invoice feature that allows you to create a customized invoice. So what this person did was to create an invoice that looks like it’s coming from PayPal. Except for the fact that the From address shows it is coming from Dropbox. Months ago I saw a similar problem with f

Re: Why was USER_IN_DEF_SPF_WL triggered on this email, even though it's spam?

2023-03-20 Thread Bill Cole
On 2023-03-20 at 13:54:42 UTC-0400 (Mon, 20 Mar 2023 13:54:42 -0400) Mark London is rumored to have said: I’ve never seen a false positive with USER_IN_DEF_SPF_WL. It can happen, particularly when a listed domain changes the way they send email. I'm not sure I understand exactly what Dropbox

Re: Why was USER_IN_DEF_SPF_WL triggered on this email, even though it's spam?

2023-03-20 Thread Greg Troxel
A quick grep shows: 4.00/updates_spamassassin_org/60_welcomelist_auth.cf:def_welcomelist_auth *@*.dropbox.com so the code is operating as designed. It seems that either dropbox is compromised, or dropbox is allowing user-generated content to go out under their domain. Either way it seem

Re: Why was USER_IN_DEF_SPF_WL triggered on this email, even though it's spam?

2023-03-20 Thread Bill Cole
On 2023-03-20 at 13:17:25 UTC-0400 (Mon, 20 Mar 2023 13:17:25 -0400) Mark London is rumored to have said: Can someone tell me why this PayPal phishing email managed to trigger USER_IN_DEF_SPF_WL? Hard to be sure, since you didn't include any indication of the envelope sender address (a.k.a.

Re: Why was USER_IN_DEF_SPF_WL triggered on this email, even though it's spam?

2023-03-20 Thread Mark London
I’ve never seen a false positive with USER_IN_DEF_SPF_WL. > On Mar 20, 2023, at 1:48 PM, Reindl Harald wrote: > >> On 20.03.23 at 18:44, Mark London wrote: >> It seems like it is too high a negative score. > > then adjust it in local.cf > > the point of a WL is exactly to WL something -

Re: Why was USER_IN_DEF_SPF_WL triggered on this email, even though it's spam?

2023-03-20 Thread Mark London
It seems like it is too high a negative score. On 3/20/2023 1:24 PM, Reindl Harald wrote: On 20.03.23 at 18:17, Mark London wrote: Can someone tell me why this PayPal phishing email managed to trigger USER_IN_DEF_SPF_WL? Or put it another way. Why wasn't it detected as a phishing email? Than

Why was USER_IN_DEF_SPF_WL triggered on this email, even though it's spam?

2023-03-20 Thread Mark London
Can someone tell me why this PayPal phishing email managed to trigger USER_IN_DEF_SPF_WL? Or put it another way. Why wasn't it detected as a phishing email? Thanks. Received: from a39-208.smtp-out.amazonses.com (a39-208.smtp-out.amazonses.com [54.240.39.208]) by PSFCMAIL.MIT.EDU (8.14.7/