Hi, I'm hoping someone can help me understand how what appears to be an invoice scam was passed through legitimate MS servers and even USER_IN_DKIM_WHITELIST.
From: Microsoft <[email protected]> Date: Fri, 30 Aug 2024 15:50:53 +0000 Subject: Your Microsoft order on August 30, 2024 Message-ID: <[email protected]> To: [email protected] It also hit a few of my local test rules, including one that hits when MS mail is sent to us with a different To domain, but it received a negative score because of being on the default DKIM whitelist. https://pastebin.com/fmjK9AfK
