On 2024-08-16 at 08:03:05 UTC-0400 (Fri, 16 Aug 2024 08:03:05 -0400)
Alex
is rumored to have said:
It says that SPF failed, but SPF_PASS was hit, presumably from our
connection to Microsoft, not their connection to the spammer client:
Correct. You can only check SPF on the first SMTP transact
Hi,
This is a QR phish, and I haven't full set up zbar and ExtractText yet, but
I'm hoping someone could look at this and try to identify other issues that
would be helpful in blocking this.
It hit a couple of my local basic testing rules, but that's about it.
X-Spam-Status: No, score=2.457 tagge
