I would just score anything DNSWL at 0. I mean no disrespect to the maintainer
of DNSWL but I just don’t find it useful these days. Spam is too complex now.
Sent from my iPhone
> On Nov 8, 2024, at 4:42 PM, Alex wrote:
>
>
> Hi,
> Time to remove docusign from RCVD_IN_DNSWL_MED and others tha
Isn’t this just a forwarded email from Office 365 using SRS? It would make sense that it pass DKIM in that case. If I understand the attack here they issue themselves an invoice from PayPal and set up an email forwarder, it’s an interesting scam. Someone correct me if you see it differently, I have
