Hi List

I'm surprised...

six-group.com is the biggest payment platform in Switzerland. Of course they use SPF to protect their domain from being abused by phishers.

It looks like GV0CHE01FT013.mail.protection.outlook.com is happily accepting phishing emails which, according to SPF, should get rejected.

six-group.com descriptive text "v=spf1 mx include:285283.spf01.hubspotemail.net include:spf.protection.outlook.com a:prodmail33a.sapsf.eu a:prodmail33b.sapsf.eu a:prodmail33c.sapsf.eu a:prodmail33d.sapsf.eu ip4:130.214.193.81 a:smtp.cetrel.lu -all"

https://www.spf-record.de/spf-lookup/six-group.com?ip=157.161.4.123

Connected to *****.mail.protection.outlook.com.
Escape character is '^]'.
220 GV0CHE01FT013.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Tue, 23 May 2023 13:30:12 +0000
ehlo example.com
250-GV0CHE01FT013.mail.protection.outlook.com Hello [157.161.4.123] # (yes, my actual IP)
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
mail from:<i-am-a-ph...@six-group.com>
250 2.1.0 Sender OK
rcpt to:<info@*****>
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
PhsihPhishPhish
.
250 2.6.0 <1596b267-85c2-4695-80cb-4c354a335...@gv0che01ft013.eop-che01.prod.protection.outlook.com> [InternalId=139006616572402, Hostname=ZRAP278MB0141.CHEP278.PROD.OUTLOOK.COM] 7400 bytes in 0.087, 82.746 KB/sec Queued mail for delivery

WTF!

Kind regards

-Benoît Panizzon-
--
I m p r o W a r e A G - Head of Commerce Customers
______________________________________________________

Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Switzerland Web http://www.imp.ch
______________________________________________________
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
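
The SPF evaluation the post refers to, as an added example that is not part of the original message: a simplified check_host() (ip4, a, mx, include and all only) walked over the record quoted above. The DNS table is constructed with documentation-range placeholder addresses, so the results hold for this table only; an address matched by no mechanism falls through to the final -all.

```python
import ipaddress

# The SPF record quoted in the post.
SIX_SPF = ("v=spf1 mx include:285283.spf01.hubspotemail.net "
           "include:spf.protection.outlook.com a:prodmail33a.sapsf.eu "
           "a:prodmail33b.sapsf.eu a:prodmail33c.sapsf.eu a:prodmail33d.sapsf.eu "
           "ip4:130.214.193.81 a:smtp.cetrel.lu -all")

# Constructed stand-in for DNS: every address below is a documentation-range
# placeholder (RFC 5737), not the real answer for these names.
DNS = {
    "TXT": {"six-group.com": SIX_SPF,
            "285283.spf01.hubspotemail.net": "v=spf1 ip4:198.51.100.0/24 -all",
            "spf.protection.outlook.com": "v=spf1 ip4:203.0.113.0/24 -all"},
    "MX": {"six-group.com": ["mx.six-group.example"]},
    "A": {"mx.six-group.example": ["192.0.2.10"],
          "prodmail33a.sapsf.eu": ["192.0.2.33"],
          "smtp.cetrel.lu": ["192.0.2.77"]},
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, depth=0):
    """Simplified RFC 7208 check_host(): ip4, a, mx, include and all only."""
    record = DNS["TXT"].get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # RFC 7208 caps DNS-querying terms at 10; crude stand-in
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        # A leading + - ~ ? is the qualifier; the default is "+".
        qual, mech = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        name, _, arg = mech.partition(":")
        target = arg or domain
        if name == "all":
            hit = True
        elif name == "ip4":
            hit = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            hit = ip in DNS["A"].get(target, [])
        elif name == "mx":
            hit = any(ip in DNS["A"].get(h, []) for h in DNS["MX"].get(target, []))
        elif name == "include":  # matches only if the included check passes
            hit = check_host(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"  # mechanism outside this simplified subset
        if hit:
            return RESULT[qual]  # first matching mechanism decides
    return "neutral"  # no mechanism matched and no "all" term
```

With this table, check_host("157.161.4.123", "six-group.com") returns "fail", while the record's own ip4 address returns "pass".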