RBL checks for FQDN not just domains would be a good idea...

Pedro.

>On Sunday, January 15, 2023 at 08:47:59 PM GMT+1, Alex <mysqlstud...@gmail.com> wrote:
>Hi,
>X-Spam-Status: No, score=1.102 tagged_above=-200 required=5
>tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
>DKIM_VALID_EF=-0.1, DMARC_PASS=-0.1, FMBLA_HELO_OUTMX=-0.01,
>FMBLA_RDNS_OUTMX=-0.01, HTML_MESSAGE=0.001, LOC_CDIS_INLINE=0.1,
>LOC_FILE_SHARE_PHISH1=0.75, LOC_FROMADDR=0.01, LOC_FROMNAME=0.01,
>LOC_IMGSPAM=0.1, LOC_XORIGORG=0.01, MIME_HTML_ONLY=0.1,
>RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001,
>RCVD_IN_SENDERSCORE_80_89=-0.4, RELAYCOUNTRY_LOW=0.1, RELAYCOUNTRY_US=0.01,
>SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, TXREP=-0.166] autolearn=disabled
>
>I'm reporting it to spamcop and training bayes, but does anyone have any other
>ideas?
>
>Is this just someone using their sharepoint account to send a phish? Perhaps
>account takeover?
>
>https://pastebin.com/2CJ3SLf2