Hello

Given the From: address can be so easily faked, is a rule testing its validity a great idea?


Headers-

Return-Path: <bounces+SRS=4A6bc=u...@smpn7wonogiri.sch.id>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on iron.holtain.net
X-Spam-Level: 
X-Spam-Status: No, score=-6.5 required=4.5 autolearn=no autolearn_force=no
X-Spam-Report: 
        *  0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
        *      [40.93.128.29 listed in wl.mailspike.net]
        * -0.0 SPF_PASS SPF: sender matches SPF record
        *  0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
        *      mail domains are different
        * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
        * -7.5 USER_IN_DEF_DKIM_WL From: address is in the default DKIM
        *      welcome-list
        *  0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
        *  0.0 HTML_MESSAGE BODY: HTML included in message
        *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
        *       valid
        * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
        *      author's domain
        * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
        *  1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
        *      https://senderscore.org/blocklistlookup/
        *      [40.93.128.29 listed in bl.score.senderscore.com]
        * -0.0 T_SCC_BODY_TEXT_LINE No description available.
        *  1.0 POSSIBLE_PAYPAL_PHISH_03 Claims to be from paypal, sent to
        *      Microsoft365 domain - likely fraud if you don't use MSFT365!
        *  0.0 T_REMOTE_IMAGE Message contains an external image
        * -1.3 DKIMWL_WL_HIGH DKIMwl.org - High trust sender
X-Spam-Relays-Untrusted: [ ip=40.93.128.29
        rdns=mail-eastasiaazlp17011029.outbound.protection.outlook.com
        helo=HK3PR03CU002.outbound.protection.outlook.com by=iron.holtain.net
        ident= envfrom= intl=0 id=8EA1DC000546 auth= msa=0 ] [
        ip=2603:1096:405:8e::12 rdns=TYSPR04MB8220.apcprd04.prod.outlook.com
        helo=TYSPR04MB8220.apcprd04.prod.outlook.com
        by=TYZPR04MB7906.apcprd04.prod.outlook.com ident= envfrom= intl=0
        id=15.20.8377.21 auth= msa=0 ] [ ip=2603:1096:820:11b::9
        rdns=KL1PR04MB7539.apcprd04.prod.outlook.com
        helo=KL1PR04MB7539.apcprd04.prod.outlook.com
        by=TYSPR04MB8220.apcprd04.prod.outlook.com ident= envfrom= intl=0
        id=15.20.8377.21 auth= msa=0 ] [ ip=fe80::b078:df3:b558:4f13 rdns=
        helo=KL1PR04MB7539.apcprd04.prod.outlook.com
        by=KL1PR04MB7539.apcprd04.prod.outlook.com ident= envfrom= intl=0 id=
        auth= msa=0 ] [ ip=2603:1096:4:b8::34
        rdns=SGXP274CA0022.SGPP274.PROD.OUTLOOK.COM
        helo=SGXP274CA0022.SGPP274.PROD.OUTLOOK.COM
        by=TYZPR04MB7271.apcprd04.prod.outlook.com ident= envfrom= intl=0
        id=15.20.8377.21 auth= msa=0 ] [ ip=2603:1096:4:b8:cafe::6f
        rdns=SG2PEPF000B66CE.apcprd03.prod.outlook.com
        helo=SG2PEPF000B66CE.apcprd03.prod.outlook.com
        by=SGXP274CA0022.outlook.office365.com ident= envfrom= intl=0
        id=15.20.8398.17 auth= msa=0 ] [ ip=2a01:111:f403:48::209
        rdns=EUR03-VI1-obe.outbound.protection.outlook.com
        helo=EUR03-VI1-obe.outbound.protection.outlook.com
        by=SG2PEPF000B66CE.mail.protection.outlook.com ident= envfrom= intl=0
        id=15.20.8398.14 auth= msa=0 ] [ ip=2603:10a6:5:10::31
        rdns=DB7P192MB0331.EURP192.PROD.OUTLOOK.COM
        helo=DB7P192MB0331.EURP192.PROD.OUTLOOK.COM
        by=AS8P192MB2065.EURP192.PROD.OUTLOOK.COM ident= envfrom= intl=0
        id=15.20.8377.22 auth= msa=0 ] [ ip=fe80::306f:e2a6:6620:fff0 rdns=
        helo=DB7P192MB0331.EURP192.PROD.OUTLOOK.COM
        by=DB7P192MB0331.EURP192.PROD.OUTLOOK.COM ident= envfrom= intl=0 id=
        auth= msa=0 ] [ ip=2603:10a6:10:120::12
        rdns=DB8PR06CA0038.eurprd06.prod.outlook.com
        helo=DB8PR06CA0038.eurprd06.prod.outlook.com
        by=PAWP192MB2250.EURP192.PROD.OUTLOOK.COM ident= envfrom= intl=0
        id=15.20.8377.22 auth= msa=0 ] [ ip=2603:10a6:10:120:cafe::e9
        rdns=DU2PEPF00028CFD.eurprd03.prod.outlook.com
        helo=DU2PEPF00028CFD.eurprd03.prod.outlook.com
        by=DB8PR06CA0038.outlook.office365.com ident= envfrom= intl=0
        id=15.20.8377.22 auth= msa=0 ] [ ip=66.211.170.90
        rdns=mx4.phx.paypal.com helo=mx4.phx.paypal.com
        by=DU2PEPF00028CFD.mail.protection.outlook.com ident= envfrom= intl=0
        id=15.20.8398.14 auth= msa=0 ]
X-Spam-Language: en
X-Spam-DKIM-i: @paypal.com
X-Spam-DKIM-d: paypal.com
X-Original-To: ni...@fullbore.co.uk
Delivered-To: niamh.fullb...@iron.holtain.net
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=40.93.128.29;
        helo=hk3pr03cu002.outbound.protection.outlook.com;
        envelope-from=bounces+srs=4a6bc=u...@smpn7wonogiri.sch.id; receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 iron.holtain.net 8EA1DC000546
Authentication-Results: iron.holtain.net; dmarc=pass (p=reject dis=none)
        header.from=paypal.com
Authentication-Results: iron.holtain.net; spf=pass
        smtp.mailfrom=smpn7wonogiri.sch.id
DKIM-Filter: OpenDKIM Filter v2.11.0 iron.holtain.net 8EA1DC000546
Authentication-Results: iron.holtain.net;
        dkim=pass (2048-bit key, unprotected) header.d=paypal.com
        header.i=@paypal.com header.a=rsa-sha256 header.s=pp-dkim1 header.b=Ti5ZlN8t
Received: from HK3PR03CU002.outbound.protection.outlook.com
        (mail-eastasiaazlp17011029.outbound.protection.outlook.com [40.93.128.29])
        by iron.holtain.net (Postfix) with ESMTPS id 8EA1DC000546
        for <ni...@fullbore.co.uk>; Tue, 28 Jan 2025 18:08:36 +0000 (GMT)
Received: from TYSPR04MB8220.apcprd04.prod.outlook.com (2603:1096:405:8e::12)
 by TYZPR04MB7906.apcprd04.prod.outlook.com (2603:1096:405:a9::11) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8377.21; Tue, 28 Jan
 2025 18:08:28 +0000
Received: from KL1PR04MB7539.apcprd04.prod.outlook.com (2603:1096:820:11b::9)
 by TYSPR04MB8220.apcprd04.prod.outlook.com (2603:1096:405:8e::12) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8377.21; Tue, 28 Jan
 2025 18:08:00 +0000
Received: from KL1PR04MB7539.apcprd04.prod.outlook.com
 ([fe80::b078:df3:b558:4f13]) by KL1PR04MB7539.apcprd04.prod.outlook.com
 ([fe80::b078:df3:b558:4f13%3]) with mapi id 15.20.8377.021; Tue, 28 Jan 2025
 18:07:59 +0000
Received: from SGXP274CA0022.SGPP274.PROD.OUTLOOK.COM (2603:1096:4:b8::34) by
 TYZPR04MB7271.apcprd04.prod.outlook.com (2603:1096:400:44f::6) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.8377.21; Tue, 28 Jan 2025 17:50:17 +0000
Received: from SG2PEPF000B66CE.apcprd03.prod.outlook.com
 (2603:1096:4:b8:cafe::6f) by SGXP274CA0022.outlook.office365.com
 (2603:1096:4:b8::34) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.20.8398.17 via Frontend Transport; Tue,
 28 Jan 2025 17:50:17 +0000
Authentication-Results: spf=softfail (sender IP is 2a01:111:f403:48::209)
 smtp.mailfrom=euroland.fr; dkim=pass (signature was verified)
 header.d=paypal.com;dmarc=pass action=none header.from=paypal.com;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
 euroland.fr discourages use of 2a01:111:f403:48::209 as permitted sender)
Received: from EUR03-VI1-obe.outbound.protection.outlook.com
 (2a01:111:f403:48::209) by SG2PEPF000B66CE.mail.protection.outlook.com
 (2603:1096:f:fff5:0:1:0:5) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.20.8398.14 via Frontend Transport; Tue,
 28 Jan 2025 17:50:16 +0000
Received: from DB7P192MB0331.EURP192.PROD.OUTLOOK.COM (2603:10a6:5:10::31) by
 AS8P192MB2065.EURP192.PROD.OUTLOOK.COM (2603:10a6:20b:5bd::19) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.8377.22; Tue, 28 Jan 2025 17:50:13 +0000
Received: from DB7P192MB0331.EURP192.PROD.OUTLOOK.COM
 ([fe80::306f:e2a6:6620:fff0]) by DB7P192MB0331.EURP192.PROD.OUTLOOK.COM
 ([fe80::306f:e2a6:6620:fff0%5]) with mapi id 15.20.8377.021; Tue, 28 Jan 2025
 17:50:13 +0000
Received: from DB8PR06CA0038.eurprd06.prod.outlook.com (2603:10a6:10:120::12)
 by PAWP192MB2250.EURP192.PROD.OUTLOOK.COM (2603:10a6:102:34e::21) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8377.22; Tue, 28 Jan
 2025 17:49:51 +0000
Received: from DU2PEPF00028CFD.eurprd03.prod.outlook.com
 (2603:10a6:10:120:cafe::e9) by DB8PR06CA0038.outlook.office365.com
 (2603:10a6:10:120::12) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.20.8377.22 via Frontend Transport; Tue,
 28 Jan 2025 17:49:51 +0000
Authentication-Results-Original: spf=pass (sender IP is 66.211.170.90)
 smtp.mailfrom=paypal.com; dkim=pass (signature was verified)
 header.d=paypal.com;dmarc=pass action=none header.from=paypal.com;
Received-SPF: Pass (protection.outlook.com: domain of paypal.com designates
 66.211.170.90 as permitted sender) receiver=protection.outlook.com;
 client-ip=66.211.170.90; helo=mx4.phx.paypal.com; pr=C
Received: from mx4.phx.paypal.com (66.211.170.90) by
 DU2PEPF00028CFD.mail.protection.outlook.com (10.167.242.181) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.8398.14 via Frontend Transport; Tue, 28 Jan 2025 17:49:50 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=paypal.com; s=pp-dkim1; c=relaxed/relaxed;
        q=dns/txt; i=@paypal.com; t=1738086589;
        h=From:From:Subject:Date:To:MIME-Version:Content-Type;
        bh=x4gXgJPzgMJS4s6SslPDX50DN37l6UgxYv1Fke0blj4=;
        b=Ti5ZlN8t9vOP4oHPw6S7EFSv5qCloXAAcGFhN1UUYPh8b+kHEbenBvfdHtOlBzCF
        7lCfc0LH2NGC6vIhFkmbmn490P6XkzLMgQwi9IcUaQTZrUIeD8r5YPRT5b/Y4RmA
        VqAbuOE/7S20QxDlpoCqOprRhS/39AvB5W/QuCyzPn6uf+IjwQjyd7f8imwXsGGD
        O+hiNma12uuMIgpeuAdk5PNYrZJv9UZA6Ta9OZP1LyowQPFIdPaIJf4ACHUkBGaa
        fChq5r8wr7lBUGY/5ft8dfpmzcj3QiEcytLWYQ4niDlTJAMZcPI3OSuoyiwXjFJq
        yuYqt5ZZhMyeauUvreQNbw==;
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="UTF-8"
Date: Tue, 28 Jan 2025 09:49:49 -0800
Message-ID: <AD.CB.51299.DB819976@ccg01mail06>
MIME-Version: 1.0
From: "serv...@paypal.com" <serv...@paypal.com>
To: Sharon Turner <order_stat...@euroland.onmicrosoft.com>
Subject: You've sent a money request
X-MaxCode-Template: RT000241
X-PP-Priority: 0-paypal-false
PP-Correlation-Id: f388091b585de
X-PP-Email-transmission-Id: 44cd845b-dda0-11ef-bbbe-0f3c32714b27
X-PP-REQUESTED-TIME: 1738086577206
X-Email-Type-Id: RT000241
AMQ-Delivery-Message-Id: nullval
X-XPT-XSL-Name: nullval
X-EOPAttributedMessage: 1
X-MS-TrafficTypeDiagnostic:
 DU2PEPF00028CFD:EE_|PAWP192MB2250:EE_|AS8P192MB2065:EE_|SG2PEPF000B66CE:EE_|TYZPR04MB7271:EE_|TYSPR04MB8220:EE_|TYZPR04MB7906:EE_
X-MS-Office365-Filtering-Correlation-Id: 198a6f79-7e5b-4b79-7cbb-08dd3fc43981
X-Moderation-Data: 1/28/2025 5:50:06 PM
X-LD-Processed: 597638ac-1f39-416f-b8b6-2a57af6395fe,ExtAddr
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8P192MB2065
X-EOPTenantAttributedMessage: 7ab5503a-6b18-41b1-ab89-bb02ef5b5daf:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped:
 SG2PEPF000B66CE.apcprd03.prod.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted:
 SG2PEPF000B66CE.apcprd03.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs:
 5c11a4de-9c64-4aae-d96a-08dd3fc42a48
X-Moderation-Data: 1/28/2025 6:07:58 PM
X-LD-Processed: 7ab5503a-6b18-41b1-ab89-bb02ef5b5daf,ExtAddr,ExtAddr
X-OriginatorOrg: smpn7wonogiri.sch.id
X-MS-Exchange-CrossTenant-Network-Message-Id:
 198a6f79-7e5b-4b79-7cbb-08dd3fc43981
X-MS-Exchange-CrossTenant-Id: 7ab5503a-6b18-41b1-ab89-bb02ef5b5daf
X-MS-Exchange-CrossTenant-AuthSource: SG2PEPF000B66CE.apcprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jan 2025 18:07:59.9852
 (UTC)
X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYZPR04MB790
-- 
Best regards,
 Niamh                          mailto:ni...@fullbore.co.uk
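
Added example, not part of the original post: the headers above show DMARC passing on an aligned DKIM signature alone while the envelope sender and the To: address belong to other domains. The Python sketch below flags that combination using only Authentication-Results stamped by the receiving host. All addresses and hostnames in the sample are constructed placeholders, and `replay_indicators` and `org_domain` are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed, abridged headers shaped like those in the post (placeholder names).
SAMPLE = """\
Return-Path: <bounces+SRS=abc=xy@relay.example>
X-Original-To: victim@recipient.example
Authentication-Results: mx.recipient.example; dmarc=pass (p=reject dis=none)
 header.from=brand.example
Authentication-Results: mx.recipient.example; spf=pass
 smtp.mailfrom=relay.example
Authentication-Results: mx.recipient.example;
 dkim=pass (2048-bit key) header.d=brand.example header.s=sel1
Authentication-Results: spf=softfail smtp.mailfrom=other.example;
 dkim=pass header.d=brand.example
From: "service@brand.example" <service@brand.example>
To: Someone Else <orders@tenant.example>
"""

def org_domain(d):
    # Naive assumption: last two labels; real code should use the Public Suffix List.
    return ".".join(d.lower().rstrip(".").split(".")[-2:])

def replay_indicators(raw, trusted_authserv):
    msg = message_from_string(raw)
    res = {}
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, body = " ".join(ar.split()).partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # results stamped by upstream hops are not trusted
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", body):
            res[method] = verdict
        for prop, val in re.findall(r"\b(smtp\.mailfrom|header\.d|header\.from)=([\w.@+=-]+)", body):
            res[prop] = val.rsplit("@", 1)[-1]
    from_dom = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1]
    rcpt = msg.get("X-Original-To", "").strip().lower()  # assumes Postfix adds it
    visible = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    flags = []
    # DKIM aligned with From:, but the envelope sender belongs to another domain.
    if res.get("dkim") == "pass" and org_domain(res.get("header.d", "")) == org_domain(from_dom):
        if org_domain(res.get("smtp.mailfrom", "")) != org_domain(from_dom):
            flags.append("dmarc_via_dkim_only")
    # The address the message was delivered to never appears in To:/Cc:.
    if rcpt and rcpt not in visible:
        flags.append("rcpt_not_in_to_cc")
    return flags
```

Legitimate forwards and mailing lists can trigger both flags too, so they suit scoring alongside other signals rather than outright rejection.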
