> The biggest issue I see is the SPF approval:
> ARC-Authentication-Results: i=1; mx.google.com;
>
> spf=pass (google.com: best guess record for domain of
> le...@cis.fordham.edu designates 150.108.68.26
> as permitted sender)
>
> Perhaps a compromised account?
Well, this user has his sendmail account from our subdomain forward to his university Gmail account, so that’s where the SPF kicks in. But how come those first IPs in the mail header pass?