On Fri 18/Nov/2022 20:38:11 +0100 Ken Simpson via mailop wrote:
I've seen the raw email;
You mean not the header Zach posted?
it did come from PayPal.
Something is strange in that header... There is no local A-R, based on that header, both signatures (DKIM and AMS) fail to verify irrespective of the body hash.
PayPal needs to get better at recognizing brand images so that this kind of impersonation is more difficult on their platform. No doubt they are already working on that.
If the message was from Paypal, I guess if Zach had paid he'd have been eligible for reimbursement.
Best Ale -- _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
