Hi,
I'm hoping someone can help me understand how what appears to be an invoice
scam was passed through legitimate MS servers and even
USER_IN_DKIM_WHITELIST.

From: Microsoft <microsoft-nore...@microsoft.com>
Date: Fri, 30 Aug 2024 15:50:53 +0000
Subject: Your Microsoft order on August 30, 2024
Message-ID: <1ccff35e-284a-4b08-bef9-737552452...@az.westus3.microsoft.com>
To: rebeccaflam...@rebeccaflaming.onmicrosoft.com

It also hit a few of my local test rules, including one that hits when MS
mail is sent to us with a different To domain, but it received a negative
score because of being on the default DKIM whitelist.

https://pastebin.com/fmjK9AfK
