Menu
▾
▴
[Assp-test] How did this pass SPF?
|
From: Daniel L. M. <dm...@am...> - 2023-09-22 18:41:28
|
I received a spam mail spoofing Intuit. While I have Intuit whitelisted I don't understand how it passed SPF check. Sep-22-23 11:15:20 06519-09846 [Worker_1] [TLS-in] 81.17.120.110 <no_...@qu...> to: dm...@am... info: enhanced Originated IP detection found IP's: 81.17.120.4 Sep-22-23 11:15:20 06519-09846 [Worker_1] [TLS-in] 81.17.120.110 <no_...@qu...> to: dm...@am... info: detected IP's on the mail routing way: 81.17.120.4 Sep-22-23 11:15:20 06519-09846 [Worker_1] [TLS-in] 81.17.120.110 <no_...@qu...> to: dm...@am... info: detected source IP: 81.17.120.4 Sep-22-23 11:15:20 [Worker_1] Dm...@am... matches dm...@am... in LocalAddresses_Flat Sep-22-23 11:15:20 06519-09846 [Worker_1] [TLS-in] 81.17.120.110 <no_...@qu...> to: dm...@am... info: domain intuit.com has published a DMARC record Sep-22-23 11:15:20 06519-09846 [Worker_1] [TLS-in] 81.17.120.110 <no_...@qu...> to: dm...@am... blockspf Regex: blockstrictSPFRe 'intuit.com' Sep-22-23 11:15:20 06519-09846 [Worker_1] [TLS-in] 81.17.120.110 <no_...@qu...> to: dm...@am... [scoring] SPF: none ip=81.17.120.110 mai...@qu... helo=bst63.us Sep-22-23 11:15:20 06519-09846 [Worker_1] [TLS-in] 81.17.120.110 <no_...@qu...> to: dm...@am... warning: got SPF-result 'none' for a strictly checked domain - check your DNS server and/or strictSPFRe , blockstrictSPFRe or clear the SPFCache Sep-22-23 11:15:20 06519-09846 [Worker_1] [TLS-in] 81.17.120.110 <no_...@qu...> to: dm...@am... [Plugin] calling plugin ASSP_AFC Sep-22-23 11:15:20 06519-09846 [Worker_1] [TLS-in] 81.17.120.110 <no_...@qu...> to: dm...@am... whitelisted (no bad attachments) Sep-22-23 11:15:20 06519-09846 [Worker_1] [TLS-in] 81.17.120.110 <no_...@qu...> to: dm...@am... [Plugin] calling plugin ASSP_Razor Sep-22-23 11:15:21 06519-09846 [Worker_1] [TLS-in] 81.17.120.110 <no_...@qu...> to: dm...@am... [Plugin] calling plugin ASSP_DCC Sep-22-23 11:15:25 06519-09846 [Worker_1] [TLS-in] [MessageOK] 81.17.120.110 <no_...@qu...> to: dm...@am... message ok - (whiteListedDomains 'intuit.com') - [You have successfully invited a new company admin to your QuickBooks online account] -> notspam/9846--134226.eml -- Daniel |
