RBL checks for FQDN not just domains would be a good idea...
Pedro.

>On Sunday, January 15, 2023 at 08:47:59 PM GMT+1, Alex <mysqlstud...@gmail.com> wrote:
>
>Hi,

>X-Spam-Status: No, score=1.102 tagged_above=-200 required=5
 >tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
 >DKIM_VALID_EF=-0.1, DMARC_PASS=-0.1, FMBLA_HELO_OUTMX=-0.01,
 >FMBLA_RDNS_OUTMX=-0.01, HTML_MESSAGE=0.001, LOC_CDIS_INLINE=0.1,
 >LOC_FILE_SHARE_PHISH1=0.75, LOC_FROMADDR=0.01, LOC_FROMNAME=0.01,
 >LOC_IMGSPAM=0.1, LOC_XORIGORG=0.01, MIME_HTML_ONLY=0.1,
 >RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001,
 >RCVD_IN_SENDERSCORE_80_89=-0.4, RELAYCOUNTRY_LOW=0.1, RELAYCOUNTRY_US=0.01,
 >SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, TXREP=-0.166] autolearn=disabled

>I'm reporting it to spamcop and training bayes, but does anyone have any other
>ideas?
>Is this just someone using their sharepoint account to send a phish? Perhaps
>account takeover?
>https://pastebin.com/2CJ3SLf2




  
