Spam got through using Rcpt to? - Any suggestions?

mshanley
Posts: 41
Joined: 26 Apr 2014 05:19

Post by mshanley »

Wow... How in the world does this get through the filter and not even have the EFA spam link at the bottom of the email?
My domain is coloradoonly.com; this guy is using fanshawec.ca.

He sent it from himself to himself and it ended up in my email box. How is that possible? lol

It's an HTML email....
Hmm.... looks like he got it to me by using X-Rcpt-To: <mshanley@coloradoonly.com>. Are there any ideas on how to block this kind of thing?



Wed 4/26/2017 2:54 AM
From: "Kaempf, Paul"
To: "Kaempf, Paul"

My auntie Gina has a gift for you . reply to her email for details. gina.rinehart2017@europe.com


RAW HEADER

Return-Path: <pkaempf@fanshawec.ca>
Received: from EFA.coloradoonly.com (UnknownHost [192.168.1.7]) by mail.coloradoonly.com with SMTP;
    Wed, 26 Apr 2017 02:53:43 -0600
X-ColoradoOnly-MailScanner-EFA-Watermark: 1493801631.33238@X/iqh1sEniru6soPKRpxOA
X-ColoradoOnly-MailScanner-EFA-From: pkaempf@fanshawec.ca
X-ColoradoOnly-MailScanner-EFA-SpamScore: s
X-ColoradoOnly-MailScanner-EFA: Found to be clean
X-ColoradoOnly-MailScanner-EFA-ID: CF5681208B1.A5D29
X-ColoradoOnly-MailScanner-EFA-Information: Please contact mshanley@coloradoonly.com for more information
X-Greylist: delayed 00:05:05 by SQLgrey-1.8.0
Received: from smtpout1.fanshawec.ca (smtpout2.fanshawec.ca [205.211.140.33])
    by EFA.coloradoonly.com (Postfix) with ESMTP id CF5681208B1
    for <mshanley@coloradoonly.com>; Wed, 26 Apr 2017 02:53:47 -0600 (MDT)
Received: from NTS-M2037-SMB3.fanshawec.ca ([fe80::d5ab:cd75:8b84:6c0b]) by
    nts-e2036-scas2.fanshawec.ca ([::1]) with mapi id 14.03.0181.006; Wed, 26 Apr
    2017 04:48:36 -0400
From: "Kaempf, Paul" <pkaempf@FanshaweC.ca>
To: "Kaempf, Paul" <pkaempf@FanshaweC.ca>
Subject: RE: re
Thread-Topic: re
Thread-Index: AdK+YtZq0YDGiBoLS/K9QG5algLiAQABO2Fw
Date: Wed, 26 Apr 2017 08:48:36 +0000
Message-ID: <7EF03D22A6691247A59F507D4B3F1F669CF8BB@nts-m2037-smb3.fanshawec.ca>
References: <7EF03D22A6691247A59F507D4B3F1F669C52D9@nts-m2037-smb3.fanshawec.ca>
In-Reply-To: <7EF03D22A6691247A59F507D4B3F1F669C52D9@nts-m2037-smb3.fanshawec.ca>
Accept-Language: en-US, en-CA
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [77.234.44.150]
Content-Type: multipart/alternative;
    boundary="_000_7EF03D22A6691247A59F507D4B3F1F669CF8BBntsm2037smb3fansh_"
MIME-Version: 1.0
X-spam-status: No, score=0.0 required=6.5 tests=URIBL_BLOCKED,RCVD_IN_DNSWL_NONE,SPF_PASS,RP_MATCHES_RCVD,HTML_MESSAGE, No
X-Spam-Flag: NO
X-Rcpt-To: <mshanley@coloradoonly.com>
X-SmarterMail-TotalSpamWeight: 0 (Authenticated)

--_000_7EF03D22A6691247A59F507D4B3F1F669CF8BBntsm2037smb3fansh_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

My auntie Gina has a gift for you . reply to her email for details. gina.ri=
nehart2017@europe.com<mailto:gina.rinehart2017@europe.com>

--_000_7EF03D22A6691247A59F507D4B3F1F669CF8BBntsm2037smb3fansh_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html dir=3D"ltr">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-=
1">
<style type=3D"text/css" id=3D"owaParaStyle"></style>
</head>
<body fpstyle=3D"1" ocsi=3D"0">
<div style=3D"direction: ltr;font-family: Tahoma;color: #000000;font-size: =
10pt;">
<div style=3D"font-family: Times New Roman; color: #000000; font-size: 16px=
">
<div>
<div style=3D"direction:ltr; font-family:Tahoma; color:#000000; font-size:1=
0pt"><span style=3D"background-color:rgb(255,255,255); font-family:Helvetic=
a,Arial,sans-serif; font-size:13.3333px">My auntie Gina has a gift for&nbsp=
;you . reply to her email for details.<span class=3D"aolmail_aolmail_aolmai=
l_aolmail_aolmail_aolmail_Apple-converted-space">&nbsp;</span></span><span =
style=3D"background-color:rgb(255,255,255); font-family:&quot;Segoe UI&quot=
;,Helvetica,Arial,sans-serif; font-size:13px"><a rel=3D"noopener noreferrer=
" href=3D"mailto:gina.rinehart2017@europe.com" style=3D"color:blue" target=
=3D"_blank">gina.rinehart2017@europe.com</a></span></div>
</div>
</div>
</div>
</body>
</html>

--_000_7EF03D22A6691247A59F507D4B3F1F669CF8BBntsm2037smb3fansh_-
shawniverson
Posts: 3650
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Spam got through using Rcpt to? - Any suggestions?

Post by shawniverson »

Ahh yes, spoofing.

viewtopic.php?f=14&t=1278
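
What the headers in the first post show, as an added example that is not part of the original thread or of EFA's code: delivery follows the SMTP envelope recipient (recorded here in the Received "for <...>" clause and in X-Rcpt-To), not the To: header the sender wrote. The sample is a constructed, trimmed copy of the posted headers, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a trimmed copy of the headers quoted in the first post.
SAMPLE = """\
Return-Path: <pkaempf@fanshawec.ca>
Received: from smtpout1.fanshawec.ca (smtpout2.fanshawec.ca [205.211.140.33])
\tby EFA.coloradoonly.com (Postfix) with ESMTP id CF5681208B1
\tfor <mshanley@coloradoonly.com>; Wed, 26 Apr 2017 02:53:47 -0600 (MDT)
From: "Kaempf, Paul" <pkaempf@FanshaweC.ca>
To: "Kaempf, Paul" <pkaempf@FanshaweC.ca>
Subject: RE: re
X-Rcpt-To: <mshanley@coloradoonly.com>

body
"""

FOR_CLAUSE = re.compile(r"\bfor\s+<([^>\s]+)>", re.IGNORECASE)

def _addrs(msg, *names):
    """Lower-cased addresses found in the named address headers."""
    values = [v for n in names for v in msg.get_all(n, [])]
    return {a.lower() for _, a in getaddresses(values) if a}

def envelope_recipients(msg):
    """Recipients recorded by receiving servers, not taken from the To: line."""
    found = _addrs(msg, "X-Rcpt-To")
    for received in msg.get_all("Received", []):
        found |= {m.lower() for m in FOR_CLAUSE.findall(received)}
    return found

def analyse(raw):
    msg = message_from_string(raw)
    visible = _addrs(msg, "To", "Cc")
    envelope = envelope_recipients(msg)
    return {
        "visible": visible,
        "envelope": envelope,
        # Delivered to an address the To:/Cc: headers never mention (Bcc-style).
        "hidden": envelope - visible,
        # The visible copy is addressed only to the sender's own address.
        "self_addressed": bool(visible) and visible == _addrs(msg, "From"),
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

A non-empty "hidden" set also occurs with ordinary Bcc and mailing-list mail, so it is better used as one scoring signal alongside "self_addressed" than as a block rule on its own.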