Re: paypal fraud

2024-11-06 Thread giovanni
On 11/7/24 3:02 AM, Alex wrote: Hi, I received a paypal scam invoice using paypal servers that passed DKIM and sent through paypal servers but has the return path of some other server after it went through paypal. [...] From: "serv...@paypal.com " mailto:serv...@p

Re: paypal fraud

2024-11-06 Thread MX
Isn’t this just a forwarded email from Office 365 using SRS? It would make sense that it passes DKIM in that case. If I understand the attack here, they issue themselves an invoice from PayPal and set up an email forwarder; it’s an interesting scam. Someone correct me if you see it differently, I have

Re: paypal fraud

2024-11-06 Thread Benny Pedersen
Alex wrote on 2024-11-07 03:02: welcomelist_auth *@paypal.com [2] blocklist_from *@paypal.com [2] the dkim is imho 100% invalid, there are missing important headers dkim signed, eg message-id, doh, reuse forging is very simple then for spamassassin we could add selector blacklisting to solve t

paypal fraud

2024-11-06 Thread Alex
Hi, I received a paypal scam invoice using paypal servers that passed DKIM and sent through paypal servers but has the return path of some other server after it went through paypal. Return-Path: Received-SPF: Pass (protection.outlook.com: domain of paypal.com designates 66.211.170.93 as permit