On 8/1/2024 4:18 PM, Scott Q. via mailop wrote:
CloudFilter is Proofpoint, right ?
We still gets tons of Spam from them. Not sure if this is related to
this echospoofing but we just got a pretty big wave
Received: from omta040.useast.a.cloudfilter.net
(omta040.useast.a.cloudfilter.net [44.202.169.39])
by mx.emailarray.com (Haraka/2.8.21) with ESMTPS id
6075B447-619F-4FE2-94FB-B6B586F92374.3
envelope-from<pe...@hadcloud.com.br>
(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 verify=FAIL);
Thu, 01 Aug 2024 16:19:30 -0400
Received: from eig-obgw-6009a.ext.cloudfilter.net ([10.0.30.184])
by cmsmtp with ESMTPS
id ZYIHspqDRnNFGZcGnsTR6p; Thu, 01 Aug 2024 20:19:29 +0000
Received: from cp-in-14.webhostbox.net ([103.50.162.147])
by cmsmtp with ESMTPS
id ZcGksNXf0oaMiZcGlsDN9r; Thu, 01 Aug 2024 20:19:28 +0000
X-Authority-Analysis: v=2.4 cv=deKG32Xe c=1 sm=1 tr=0 ts=66abedd0
a=+OZ35jC+7F35rNibgVyYDA==:117 a=jZ5zol7y3lBdV6rxEGevAg==:17
a=MKtGQD3n3ToA:10 a=yoJbH4e0A30A:10 a=5KLPUuaC_9wA:10 a=M51BFTxLslgA:10
a=A4EqBspgoKYA:10 a=n9Fe_nV6AAAA:8 a=x8JhEuIrCajjPMggPtkA:9
a=PEF53iIozS7NwpkX:21 a=_W_S_7VecoQA:10 a=lqcHg5cX4UMA:10
a=xOl7BDxbbtdmDN2MprIA:9 a=HXjIzolwW10A:10 a=T6a71-JsGAwA:10
a=wlHTxKAh8-WCeF7hZiUK:22 a=WVAGjVSKdBBTa5aWMILr:22 a=WIq2oDtJ_6PiUi2x2ys3:22
Received: from [45.137.126.85] (port=62285 helo=[185.198.243.176])
by cp-in-14.webhostbox.net with esmtpsa (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96.2)
(envelope-from<pe...@hadcloud.com.br>)
id 1sZcGi-002goN-2w
Technically yes, that's Cloudmark (owned by Proofpoint) - but no,
"Echospoofing" has nothing to do with Cloudmark at all.
To my knowledge, .pphosted.com (hosted Proofpoint enterprise mail
clusters) were the primary affected targets.
- Mark Alley
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
