Weird spam

Postby didds » April 2nd, 2018, 6:43 pm

It's because the "originator" email address is being spoofed.

http://searchsecurity.techtarget.com/de ... l-spoofing

didds

Postby Infrasonic » April 2nd, 2018, 6:45 pm

I get the same occasionally with my Hotmail aggregator address, been happening for a few years now, not found a solution. I did look through all the headers trying to find a common routing theme on a few occasions.

I've always presumed that at some point in the past some piece of spam has managed to phone home from the inbox and confirm my address as valid, and then it's ended up on a list of 'own address spoofs'.
I have all active content, graphics et al off now but it wasn't always the case, so it was probably then when the address got compromised. I've had that address since 1998...

Postby johnhemming » April 2nd, 2018, 7:04 pm

Spoofing the originator email to hotmail should really be picked up by SPF.

Hotmail does have SPF set up and they should be using it to validate mail
https://mxtoolbox.com/SuperTool.aspx?ac ... n=toolpage

Postby Infrasonic » April 2nd, 2018, 8:39 pm

johnhemming wrote: Spoofing the originator email to hotmail should really be picked up by SPF.

Hotmail does have SPF set up and they should be using it to validate mail
https://mxtoolbox.com/SuperTool.aspx?ac ... n=toolpage


It is, it sends it to the spam folder...
DMARC validation relies on both ends and you get a green bar with a 'trusted sender' header message. My banks and other providers use it (but not on all send addresses, due to costs probably.)

I've had one piece of spam that spoofed the trusted sender green bar and header as well though, sneaky devils...

Postby johnhemming » April 2nd, 2018, 9:12 pm

Infrasonic wrote: due to costs probably.)

It shouldn't really be costs, but more a question of having the greater technical understanding of how to do things particularly at a higher management level.

Postby UncleEbenezer » April 2nd, 2018, 9:39 pm

johnhemming wrote: Spoofing the originator email to hotmail should really be picked up by SPF.

Less useful when the originating server is a big provider serving many domains, like gmail. Does hotmail not similarly offer outsourcing for its users' own domains?

Spoofing an originator has always been trivial. Never rely on an originator for anything important unless it's cryptographically signed.

Postby Infrasonic » April 3rd, 2018, 2:49 pm

johnhemming wrote:
Infrasonic wrote: due to costs probably.)

It shouldn't really be costs, but more a question of having the greater technical understanding of how to do things particularly at a higher management level.


The emails come from different servers (I've checked the routing to see) but from the same organisation. So there has been a conscious decision to split the financially/data sensitive stuff to DMARC (probably because of data protection or ISO compliance) and the 'general info' to non DMARC. It's common to all the providers that use DMARC that I correspond with.
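
Added example, not part of any post in this thread: a header check for the "mail from my own address" case discussed above, showing why SPF can pass while the visible From: is forged, and why only the receiving server's own Authentication-Results header should be believed. The sample message, the domains and the `assess` and `domain_of` names are all constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample: From: claims to be the recipient's own address.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=example.org
From: Me <me@example.org>
To: me@example.org
Subject: constructed test message

body
"""

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def assess(raw, trusted_authserv):
    msg = message_from_string(raw, policy=policy.default)
    results = {}
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(ar).partition(";")
        # Trust only results stamped by our own receiving server; a sender
        # can put a forged Authentication-Results header in the message.
        if authserv.strip().lower() != trusted_authserv:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            results.setdefault(method, result.lower())
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    same = parseaddr(str(msg["From"]))[1].lower() == parseaddr(str(msg["To"]))[1].lower()
    return {
        "results": results,
        # SPF validates the envelope sender (Return-Path), not the From:
        # header. Exact match here; real DMARC also allows relaxed alignment.
        "spf_aligned": results.get("spf") == "pass" and env_dom == from_dom,
        "self_addressed": same,
        "suspicious": results.get("dmarc") != "pass",
    }
```
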

