When it was delivered to my mailbox, the from address was my efa domain:
It appears that part of the from domain is missing in the header so efa appends its own? But also part of header shows from domain.
mydomain.com is my email domain. efa is my.efa.domain.com. i already block external spoofing for mydomain.com.
efa email headers:
Code: Select all
Received: from celeborn.hostbox12.com (celeborn.hostbox12.com [209.236.116.247])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(no client certificate requested)
by my.efa.domain.com (MailScanner Milter) with SMTP id 4NgwFC4Y58zB9tDb
for <rjones@mydomain.com>; Mon, 26 Dec 2022 19:16:47 -0500 (EST)
X-Greylist: greylisting inactive for rjones@mydomain.com in SQLgrey-1.8.0
Authentication-Results: my.efa.domain.com; dkim=permerror (bad message/signature format)
Received: from [20.64.171.118] (port=51839 helo=vidyabhavancollege.edu.in)
by celeborn.hostbox12.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95)
(envelope-from <support@vidyabhavancollege.edu.in>)
id 1p9xeB-0001SB-OQ
for rjones@mydomain.com;
Tue, 27 Dec 2022 05:46:45 +0530
From: DealerServices
To: rjones@mydomain.com
Subject: Licensee Profile Information Required
Date: 26 Dec 2022 19:16:44 -0500
Message-ID: <20221226191644.18A75BF9BFBBDF68@from.header.has.no.domain>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0012_2FDBD48D.BCCBF492"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - celeborn.hostbox12.com
X-AntiAbuse: Original Domain - mydomain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - vidyabhavancollege.edu.in
X-Get-Message-Sender-Via: celeborn.hostbox12.com: authenticated_id: support@vidyabhavancollege.edu.in
X-Authenticated-Sender: celeborn.hostbox12.com: support@vidyabhavancollege.edu.in
X-Source:
X-Source-Args:
X-Source-Dir:
From: support@vidyabhavancollege.edu.in [Add to Allowlist | Add to Blocklist]
To: rjones@mydomain.com
Subject: Licensee Profile Information Required
Code: Select all
1.90 BAYES_00 Bayes spam probability is 0 to 1%
-0.40 DCC_REPUT_00_12 DCC reputation between 0 and 12 % (mostly ham)
1.40 HTML_IMAGE_ONLY_28 HTML: images with 2400-2800 bytes of words
0.00 HTML_MESSAGE HTML included in message
-0.00 RCVD_IN_MSPIKE_H2 Average reputation (+2)
0.00 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-0.00 SPF_PASS SPF: sender matches SPF record
1.77 URI_TRY_3LD "Try it" URI, suspicious hostname
Code: Select all
Received: from my.efa.domain.com (192.168.1.25) by server.flut.local
(192.168.1.5) with Microsoft SMTP Server id 14.3.498.0; Mon, 26 Dec 2022
19:16:50 -0500
X-Spam-Status: No
DKIM-Filter: OpenDKIM Filter v2.11.0 my.efa.domain.com 4NgwFG4Z6BzB9tDl
X-pclv-MailScanner-EFA-Watermark: 1672705008.87345@WKC+oOSSN+qfEOsFU59BSQ
X-pclv-MailScanner-EFA-From: support@vidyabhavancollege.edu.in
X-pclv-MailScanner-EFA: Found to be clean
X-pclv-MailScanner-EFA-ID: 4NgwFC4Y58zB9tDb
X-pclv-MailScanner-EFA-Information: Please contact admin@mydomain.com for more information.
Received: from celeborn.hostbox12.com (celeborn.hostbox12.com
[209.236.116.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
(256/256 bits)) (no client certificate requested) by my.efa.domain.com
(MailScanner Milter) with SMTP id 4NgwFC4Y58zB9tDb for
<rjones@mydomain.com>; Mon, 26 Dec 2022 19:16:47 -0500 (EST)
X-Greylist: greylisting inactive for rjones@mydomain.com in SQLgrey-1.8.0
Received: from [20.64.171.118] (port=51839 helo=vidyabhavancollege.edu.in) by
celeborn.hostbox12.com with esmtpsa (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from
<support@vidyabhavancollege.edu.in>) id 1p9xeB-0001SB-OQ for
rjones@mydomain.com; Tue, 27 Dec 2022 05:46:45 +0530
From: <DealerServices@my.efa.domain.com>
To: <rjones@mydomain.com>
Subject: Licensee Profile Information Required
Date: Mon, 26 Dec 2022 19:16:44 -0500
Message-ID: <20221226191644.18A75BF9BFBBDF68@from.header.has.no.domain>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0012_2FDBD48D.BCCBF492"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - celeborn.hostbox12.com
X-AntiAbuse: Original Domain - mydomain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - vidyabhavancollege.edu.in
X-Get-Message-Sender-Via: celeborn.hostbox12.com: authenticated_id: support@vidyabhavancollege.edu.in
X-Authenticated-Sender: celeborn.hostbox12.com: support@vidyabhavancollege.edu.in
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path: support@vidyabhavancollege.edu.in
X-MS-Exchange-Organization-AuthSource: server.flut.local
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
From: support@vidyabhavancollege.edu.in