Hi,
I have an email that was marked as having a spoofed domain, but I
believe it's a false-positive. It's one of those smartbrief.com
newsletters.
How do I find out which domain specifically it thinks was spoofed?
I've posted the email here:
http://pastebin.com/n4WRjmzE
# clamscan -v spoofed-do
On Tue, December 15, 2015 1:43 pm, Alex wrote:
> Hi,
>
>
> I have an email that was marked as having a spoofed domain, but I
> believe it's a false-positive. It's one of those smartbrief.com
> newsletters.
>
> How do I find out which domain specifically it thinks was spoofed?
--debug will help...
Hi,
> I've posted the email here:
> http://pastebin.com/n4WRjmzE
> Got a match: f.email.americanexpress.com/ with /moc.sserpxenacirema
> Before inserting .: .f.email.americanexpress.com
> Lookup result: in regex list
> Phishcheck:host:.r.smartbrief.com
> Phishing: looking up in whitelist:
> .r.s
Alex wrote:
> Steve Basford wrote:
>> I've posted the email here:
>> http://pastebin.com/n4WRjmzE
>
>> Got a match: f.email.americanexpress.com/ with /moc.sserpxenacirema
>> Before inserting .: .f.email.americanexpress.com
>> Lookup result: in regex list
>> Phishcheck:host:.r.smartbrief.com
>> Ph
Hi,
>> Steve Basford wrote:
>>> I've posted the email here:
>>> http://pastebin.com/n4WRjmzE
>>
>>> Got a match: f.email.americanexpress.com/ with /moc.sserpxenacirema
>>> Before inserting .: .f.email.americanexpress.com
>>> Lookup result: in regex list
>>> Phishcheck:host:.r.smartbrief.com
>>> Ph
On Tue, Dec 15, 2015 at 06:21 PM, Alex wrote:
>
>>> Steve Basford wrote:
I've posted the email here:
http://pastebin.com/n4WRjmzE
>>>
Got a match: f.email.americanexpress.com/ with /moc.sserpxenacirema
Before inserting .: .f.email.americanexpress.com
Lookup result: in reg
Please stop sending me emails
> On Dec 15, 2015, at 6:21 PM, Alex wrote:
>
> Hi,
>
>>> Steve Basford wrote:
I've posted the email here:
http://pastebin.com/n4WRjmzE
>>>
Got a match: f.email.americanexpress.com/ with /moc.sserpxenacirema
Before inserting .: .f.email.america
