Message-Id: <odspmicro-Share-4b8d8ca0-90e0-6000-0144-913b0eedffcf-56ad3112-ea16-4350-a633-caf11bb97baf-4124a7b4-04ed-467a-986a-6c6468a46df1@DAEB5AAE0CFE>
Read RFC 822, pp. 44-46. If your answer is that the latest RFC allows for it, the my reply is: my mail, my rules, so I apply the most stringent rules. -------- Original Message -------- On 15 Jan 2023, 20:47, Alex wrote: > Hi, > > X-Spam-Status: No, score=1.102 tagged_above=-200 required=5 > tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, > DKIM_VALID_EF=-0.1, DMARC_PASS=-0.1, FMBLA_HELO_OUTMX=-0.01, > FMBLA_RDNS_OUTMX=-0.01, HTML_MESSAGE=0.001, LOC_CDIS_INLINE=0.1, > LOC_FILE_SHARE_PHISH1=0.75, LOC_FROMADDR=0.01, LOC_FROMNAME=0.01, > LOC_IMGSPAM=0.1, LOC_XORIGORG=0.01, MIME_HTML_ONLY=0.1, > RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, > RCVD_IN_SENDERSCORE_80_89=-0.4, RELAYCOUNTRY_LOW=0.1, RELAYCOUNTRY_US=0.01, > SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, TXREP=-0.166] autolearn=disabled > > I'm reporting it to spamcop and training bayes, but does anyone have any > other ideas? > > Is this just someone using their sharepoint account to send a phish? Perhaps > account takeover? > > https://pastebin.com/2CJ3SLf2
