  • Status: Solved
  • Priority: Medium
  • Security: Public

Phishing actually from apparent sender's domain

Hi, Experts.  I've been seeing something new in the world of phishing emails (at least, to me).  The email comes from "john.doe@somedomain.com" -- and the routing headers bear out that this email actually came from "somedomain.com."  I am used to seeing a spoofed address and routing from obscure servers that bear no relation to that domain.

Is this a new kind of spoof?  Are they actually spoofing routing? Or am I seeing the work of a botnet of some kind? Should I be alerting the sending domains?
1 Solution
Just like you, I have never encountered spoofed routing.  If x-originating-ip in message headers matches the IP of somedomain.com, then it is really hacked and it'd be good to notify domain administration of that. Full message headers would allow this to be checked in more detail.
JLNewmark (Author) Commented:
Right, that's what I was looking at.  And they are coming from the domain of the apparent sender's address.  It's a new twist for me.  Botnet, maybe?
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
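The header check suggested in the solution, as an added example that is not part of the original thread: it compares the From domain's address ranges with both the claimed X-Originating-IP and the connecting IP recorded by the recipient's own mail exchanger. The sample message, the host names, the `203.0.113.0/24` range attributed to somedomain.com and the function names are all constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: placeholder hosts, documentation-range IPs (RFC 5737).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mailstore.recipient.example; Tue, 01 Jan 2019 10:00:02 +0000
Received: from mail.somedomain.com (mail.somedomain.com [203.0.113.25])
\tby mx.recipient.example; Tue, 01 Jan 2019 10:00:01 +0000
X-Originating-IP: [203.0.113.25]
From: John Doe <john.doe@somedomain.com>
To: user@recipient.example
Subject: Invoice

body
"""
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def _first_ip(text):
    """First syntactically valid bracketed IP literal in a header value, else None."""
    for token in IP_RE.findall(text or ""):
        try:
            return ipaddress.ip_address(token)
        except ValueError:
            continue
    return None

def check_origin(raw, sender_nets, our_mx):
    """sender_nets: CIDRs assumed to be the From domain's; our_mx: our border MX host."""
    msg = message_from_string(raw)
    nets = [ipaddress.ip_network(n) for n in sender_nets]
    inside = lambda ip: None if ip is None else any(ip in n for n in nets)
    stamp = re.compile(r"\bby\s+" + re.escape(our_mx) + r"(?![\w.-])", re.I)
    # Only the topmost Received line stamped by our own MX is trustworthy. Anything
    # below it, and X-Originating-IP itself, is written by the sending side.
    trusted = next((h for h in msg.get_all("Received", []) if stamp.search(h)), "")
    handoff = _first_ip(trusted)
    claimed = _first_ip("[" + msg.get("X-Originating-IP", "").strip(" []") + "]")
    return {
        "from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower(),
        "handoff_ip": str(handoff) if handoff else None,
        "handoff_in_sender_nets": inside(handoff),
        "claimed_ip": str(claimed) if claimed else None,
        "claimed_in_sender_nets": inside(claimed),
    }
```

When `handoff_in_sender_nets` is true, the message really was handed over by the sender domain's infrastructure, which is the situation described in the question; when only `claimed_in_sender_nets` is true, the X-Originating-IP value is not backed by the trusted hop.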
