K5-Tech
asked on
Email be flagged as Phishing from Exchange 2010
A couple of our users have had their email flagged as phishing in Outlook 2013, 2016. Is there a way to stop this. I contacted our ISP to verify that we had a PTR record and the connectors in Exchange are correct.
The only practical way I know around this is to Whitelist the users in question. There is so much spam, phishing and ransomware emails now that you will not likely get a hearing from your ISP. You can try. I just use my Whitelist as needed.
Did you users receive an NDR you can share? That should help us narrow down the root cause.
ASKER
There was no NDR. The messages are getting delivered they just have all of the links and attachments disabled until the receiver clicks to enable them.
The message reads:
This might be a phishing message and is potentially unsafe. Links and other functionality have been disabled. If you trust this message and want to turn that functionality back on, click here.
The message reads:
This might be a phishing message and is potentially unsafe. Links and other functionality have been disabled. If you trust this message and want to turn that functionality back on, click here.
It's tough to say for sure without examining headers. Feel free to send to me in a private message and I can report back results.
You cannot use Private Messaging in this forum to solve problems.
If you wish to post the headers, please post them here.
If you wish to post the headers, please post them here.
ASKER
Received: from MWHPR01MB2255.prod.exchang elabs.com (10.169.234.145) by
CY4PR01MB2245.prod.exchang elabs.com (10.169.250.143) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_ AES_256_CB C_SHA384_P 384) id
15.1.649.16 via Mailbox Transport; Tue, 1 Nov 2016 19:08:07 +0000
Received: from BY2PR01CA0009.prod.exchang elabs.com (10.163.25.19) by
MWHPR01MB2255.prod.exchang elabs.com (10.169.234.145) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_ AES_256_CB C_SHA384_P 384) id
15.1.649.16; Tue, 1 Nov 2016 19:08:05 +0000
Received: from SN1NAM01FT002.eop-nam01.pr od.protect ion.outloo k.com
(2a01:111:f400:7e40::209) by BY2PR01CA0009.outlook.offi ce365.com
(2a01:111:e400:5262::19) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_ AES_256_CB C_SHA384_P 384) id 15.1.693.12 via
Frontend Transport; Tue, 1 Nov 2016 19:08:05 +0000
Authentication-Results: spf=none (sender IP is 162.220.84.151)
smtp.mailfrom=axisbenefits .com; k5-tech.com; dkim=none (message not signed)
header.d=none;k5-tech.com; dmarc=permerror action=none
header.from=axisbenefits.c om;k5-tech .com; dkim=none (message not signed)
header.d=none;
Received-SPF: None (protection.outlook.com: axisbenefits.com does not
designate permitted sender hosts)
Received: from zix01.omegatechnologygroup .net (162.220.84.151) by
SN1NAM01FT002.mail.protect ion.outloo k.com (10.152.64.63) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_ AES_256_CB C_SHA384_P 384) id
15.1.693.6 via Frontend Transport; Tue, 1 Nov 2016 19:08:04 +0000
Received: from 127.0.0.1 (ZixVPM [127.0.0.1])
by Outbound.omegatechnologygr oup.net (Proprietary) with SMTP id 1C3B5E716E
for <bkeating@k5-tech.com>; Tue, 1 Nov 2016 15:08:04 -0400 (EDT)
Received: from mail.axisbenefits.com (50-193-80-133-static.hfc. comcastbus iness.net [50.193.80.133])
(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by zix01.omegatechnologygroup .net (Proprietary) with ESMTPS id 1C826E703C
for <bkeating@k5-tech.com>; Tue, 1 Nov 2016 15:08:03 -0400 (EDT)
Received: from AXISSERVER.axisbenefits.lo cal ([fe80::c238:bfeb:1f1:578c ]) by
AXISSERVER.axisbenefits.lo cal ([fe80::c238:bfeb:1f1:578c %10]) with mapi id
14.01.0438.000; Tue, 1 Nov 2016 14:08:02 -0500
From: Kathy Beggerow <kathy@axisbenefits.com>
To: Brian Keating <bkeating@k5-tech.com>
Subject: RE: another test
Thread-Topic: another test
Thread-Index: AdI0bxzuVH8eg+h+T9ybwC/Ri0 SLqgAA74Lw AAAXTkA=
Date: Tue, 1 Nov 2016 19:08:01 +0000
Message-ID: <CC2918922F8865409382803E0 95EB5942FF 93D59@AXIS SERVER.axi sbenefits. local>
References: <CC2918922F8865409382803E0 95EB5942FF 9393C@AXIS SERVER.axi sbenefits. local>
<CY4PR01MB224567BB6D8C12DC 713A0DEEC5 A10@CY4PR0 1MB2245.pr od.exchang elabs.com>
In-Reply-To: <CY4PR01MB224567BB6D8C12DC 713A0DEEC5 A10@CY4PR0 1MB2245.pr od.exchang elabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.0.32]
Content-Type: multipart/related;
boundary="_004_CC2918922F8 8654093828 03E095EB59 42FF93D59A XISSERVERa xisb_";
type="multipart/alternativ e"
MIME-Version: 1.0
X-VPM-MSG-ID: 5b1ddb38-0109-4965-847a-5c 42c5eda832
X-VPM-HOST: zix01.omegatechnologygroup .net
X-VPM-GROUP-ID: 297fe3f1-61fd-4651-b2d2-cf 3fd0d9af9f
X-VPM-ENC-REGIME: ZixSMIME,Plaintext
X-VPM-IS-HYBRID: 0
Return-Path: kathy@axisbenefits.com
X-MS-Exchange-Organization -Network-M essage-Id: a075226a-61d2-43fb-d715-08 d4028a6879
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessa ge: e0ed04de-a27a-4e49-9c5b-00 e094701550 :0
X-MS-Exchange-Organization -MessageDi rectionali ty: Incoming
X-Forefront-Antispam-Repor t: =?us-ascii?Q?CIP:162.220.8 4.151;IPV: NLI;CTRY:; EFV:NLI;SF V:NSPM;SFS :(97900?=
=?us-ascii?Q?2)(8156002)(2 980300002) (428002)(3 020300005) (189002)(1 99003)(?=
=?us-ascii?Q?52314003)(501 574003)(37 7454003)(5 5846006)(1 9627595001 )(19617?=
=?us-ascii?Q?315012)(15975 445007)(84 326002)(92 566002)(53 10100001)( 1096003?=
=?us-ascii?Q?)(8896002)(18 206015028) (193004050 04)(290010 0001)(6916 009)(29?=
=?us-ascii?Q?20100001)(101 26002)(295 0100002)(1 6236675004 )(34807000 04)(509?=
=?us-ascii?Q?86999)(221733 001)(99936 001)(54356 999)(76176 999)(19580 395003)?=
=?us-ascii?Q?(19580405001) (589010000 1)(5250100 002)(51295 4002)(9686 002)(26?=
=?us-ascii?Q?0700001)(7696 004)(67866 002)(79060 03)(236004 )(33656002 )(66926?=
=?us-ascii?Q?002)(3846002) (101416001 )(98436002 )(586003)( 102836003) (790700?=
=?us-ascii?Q?001)(10000500 002)(11100 500001)(75 96002)(110 136003)(18 9998001?=
=?us-ascii?Q?)(105586002)( 450100001) (196252150 02)(611600 2)(7116003 )(57578?=
=?us-ascii?Q?4001)(8636200 1)(356003) (7636002)( 1776004500 3)(1078860 02)(626?=
=?us-ascii?Q?004)(7736002) (7846002)( 5660300001 )(8676002) (106466001 )(24600?=
=?us-ascii?Q?2)(7099028)(1 11123002)( 7090600002 )(969003)( 989001)(99 9001)(1?=
=?us-ascii?Q?009001)(10190 01);DIR:IN B;SFP:;SCL :1;SRVR:MW HPR01MB225 5;H:zix?=
=?us-ascii?Q?01.omegatechn ologygroup .net;FPR:; SPF:None;P TR:zix01.o megatec?=
=?us-ascii?Q?hnologygroup. net;MX:1;A :1;LANG:en ;?=
X-Microsoft-Exchange-Diagn ostics: 1;SN1NAM01FT002;1:XJgjffcB tyWgle3zYB fLWOhPPZ/f G1eJma5THd tuKHRhnEJB 26FGSBFHfr m0DB5WZ9Bb btSxEjs9/E vUMwWgB2gZ h8atslW7tR EpjleUd5+I G8AfVLyRi6 bDQLN3BCRa sc4O59nlqE ALUmhEBxug pWB2JOGVKu GKwSmuNK5R cSG3sUDgYO QtLqlP2tYW pLFXQuS+zR FQGugRRKsy uJIh8is7QW OYIhnCBChZ a7pdFCZ+gB fLJmh3e2ts foqTeD9wtx h5ENBwbMz+ 0AMD6F14JD ajJZI7I/Uy rsF2oSgllq Zzwp6SP2jL 1hj+oyE5mg J7C0zZ02SD +/MJ9C8LhJ E+ASotj89W KAbYhOi6tG uKsj5t+R64 t8xPxLcFkJ hrp4leUhis 4fcwmCssNZ Z1kp8DfCNA QkFFkzkL3x r25JKNvtYb H+/m991AGc EkaIr3005W 8TLOfxdQZm RXTaszkv3f kBJwBmBwUw x+JhoFjfGN 64fc1nWmVf zIhBzX0YR9 ayPpIX5f4V pI1brqt81e ZUL+37ZLs7 bs8KYSYSyd e4jeqmA=
X-MS-Office365-Filtering-C orrelation -Id: a075226a-61d2-43fb-d715-08 d4028a6879
X-Microsoft-Exchange-Diagn ostics: 1;MWHPR01MB2255;2:WDnAUl0x 9sLZN5LHCz hO4D4MF0nn Xeb2bp5KU5 9JSRiFE9zs W6i0v9UW7M cQYTOmaDsu jfYjyXXOj8 eT4jmvaHrn ZnS8Zpzt0L HCChqhSa31 QqvhjEsWZC dKL9ox9BtU x1mcUp3TyD R2ZCyLmCzA Uv12yAc/BW spG1Bn3wK/ /26HlRZO4N E4cKk/a6n5 mKoY+wAtGi 9ABKnkD8nJ VdNVXw==;3 :HlCYQYi+h bJClYxwZGU grnpShKlkO Vniqr7bk25 5Qb+PFvgcG YmE5I+rNPk Mb892do2LQ BORLPwgMq/ yYIP8gjjl2 9v3dYRsZHQ kdtaMj3563 lQig09v9sI p7SclNdHbs K3V+hr47ZI YgqlcXQdk4 gQCA7hnPY8 sz5iAbm9oB NcEmI9npzA TOYysR2lCA +cqB4xxI4t 3KVPlkg34g Jk1W0IEOpK gpFfhiPjGX 4gGFHLBuzt yV6Er7RiKa I9ECAoAc3a iOTAJyl3s9 YL+CZFXVIo NH5PRVqZX3 LlDJSnqpd0 =
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEI D:(8180016 1)(7170100 4);SRVR:MW HPR01MB225 5;
X-Microsoft-Exchange-Diagn ostics: =?us-ascii?Q?1;MWHPR01MB22 55;25:215F qlAaJZXLT/ FGao5ztsRJ kG2HKUSoy+ 3Ld3BZJ?=
=?us-ascii?Q?XjpvJrHpIs+WQ aUp68CEhWL 1L6KYZcPsE pVYYLY21pF YWECjSB9N3 CmC1BpV?=
=?us-ascii?Q?pPx8DT2sulvll MQA8KNeDXf FytQeQ0D8x 7aNSwWMYAh XaUSwVOUpy q5hdv4r?=
=?us-ascii?Q?VD7r31Tg2uVhk QiFkhWew0x fdp1dyiaxi uerv71g+5h CcD++KIO7d o/yoMdh?=
=?us-ascii?Q?K3lwG3rttN8Zf qI1Iv80PuY IPPumbDSgc /5OlfT8SS2 o/K+LRpCDa DKY4itd?=
=?us-ascii?Q?EozkesMG2BpEO ipGuQ0JeVH yqHvZpLsEt x7gK5G3NB2 2MEABOXoND 1tEVRST?=
=?us-ascii?Q?4KEAA2MWnBoqy OQiPkQ+mvc LSOg/sYX/o fdlaqikVVB QIB6VgJGep lothonO?=
=?us-ascii?Q?udPlM+yj02lnY uB3k2BaKuc anwDIaPRHq HFplrCg5Yu c1QPeFus9q Yn3TZYQ?=
=?us-ascii?Q?FkXv1632bsUz4 rydsnlvez2 m2XYM5aWVQ hQoEkyycIz 5REVq04bR3 eW64k3G?=
=?us-ascii?Q?tWWmeK3/lp8bc KCdCBeyocJ LykGFnZDLZ SBBVEtujD1 +3jaWc1Cq6 JMhoGEy?=
=?us-ascii?Q?K8SL/Pb5MKAMQ 4ve7WjHKbF NzDNWJpoZd UzyLBya1+o PABGZMD+Pj DdjRDDl?=
=?us-ascii?Q?q8B7ymaswV4E+ V8CjUVYPYx J1SBYpxISb synlBoX8sy UtVFa48dow OL0t0+V?=
=?us-ascii?Q?VUMcDITIRZksA xpqVf/0VTE LHFWLdVLby y9s1yVlF4D F+BvSZcGML Ta3HRuq?=
=?us-ascii?Q?ISaUv3hJiJLlb JD9iUbON+P 0o6u/JJo+Z oaBLMph8AM FLP/PpxL7J cO5/sfs?=
=?us-ascii?Q?xl6tMc/HNaBqw agBiE9kiqx DYlwqcwnhw LAWojlJMuF jWKGAh52Nj oIaVaMy?=
=?us-ascii?Q?w2K2PLpPfTWNw 7jrkiFtVJ7 v8z9S3kRdW z5o8Ds0Nd3 qI+ohp5kgp 6CsO/M5?=
=?us-ascii?Q?dWYWMbYI1Mh1h 9vNfpq5GOY wjpUzLmQ+I BrkGyznqzp sUEZMY1oHw Z32zctB?=
=?us-ascii?Q?mMB+8y+j6g2+c SmwJWI4n8D PE8qPmDJtx rRpEfqB8wP 5yw64qWTkn W7LU0nU?=
=?us-ascii?Q?cXkewapuAqgjf jlTiB3MdYt lLDy0Ruetf prbu5/yuVs M5eO1lzem0 RyrmjiK?=
=?us-ascii?Q?AgsPooo7UsH+F eqLczDDhd+ RwTLqUHo26 8T2QXjDcWa N91lcEutSY j9k0DFA?=
=?us-ascii?Q?h15nDsl0/MBkr 8=3D?=
X-MS-Exchange-Organization -AVStamp-S ervice: 1.0
X-Microsoft-Exchange-Diagn ostics: 1;MWHPR01MB2255;31:cNkU30y bLFlxmPORn GhEINqdXzN PuKsfATPyN s8fFDzCKFh V7hEOXtKd2 uT2Ko2eerF Q6sEqb8aSp KL8nkkqSqf Z+5DGPSD1d HEZzQWRfKf 3tAu2VQQZS LJkKMfSrA3 tWMekTgxNd 02KV5to0RM L8DuZsiIkK wxRmMj8EL8 rtX5Ph/K8o xqsWE/OF1P bNsK+VhMcw scCuzk33Xw FsIIX8xtGE ubqu3jiHAa AqBBl7PJ89 wNOvdNyLjY 9/oWu0E/zi aqW7EDBlYB cZrKMa85ig jNF9rXN/if 7Df8Knvzcj co=
X-Exchange-Antispam-Report -Test: UriScan:(192374486261705)( 6388875144 3075)(5006 6401698855 )(21748063 052155)(27 5809806118 684);
X-MS-Exchange-Organization -PCL: 4
X-Exchange-Antispam-Report -CFA-Test: BCL:0;PCL:8;RULEID:(102415 321)(91015 31078)(240 1047)(1301 8025)(1301 6025)(8121 501046)(91 01536074)( 1020150104 6)(3002001 )(92020022 3);SRVR:MW HPR01MB225 5;BCL:0;PC L:8;RULEID :;SRVR:MWH PR01MB2255 ;
X-Microsoft-Exchange-Diagn ostics: 1;MWHPR01MB2255;4:XhrXH/+S jpntjg2od+ BbakuslhEZ 6KAyqgXTMj s3Si5l3tX4 s/CQRdRhkc jekoWA5ta4 1pSr5LitxG 7g/cQLJs5/ /GsNfEMIwd 8oQia3adll sHineQmxlv xsai8s+9mA 2aIU4xQjRt PRRgyHxyJz YwwNfQBC+5 3Lj77ShXS1 bSesJyieGV Nby1G66QOE 5WzSmLs8Ts N0vAXtaZmS APsMEAHsfx yz+d5xRs8M zxA7rZAQxh 8sOXcQN/Bu QGZEvWL8ZH dMD9v3lSYM 8FHbSCYRPS oi0Pk+qA/C 3Sztuk5S+/ zq8tEreBdO Glz6dWciwh ndF3RPPEji vP3f8oVy4+ OcEIynArDp /siKZj4gXa iyfqOlMA73 fdC+FrGz8K V+HLh6y6+0 kvZuHVDZGe 14U7pmG73o SD1G/DSNbY aXesoPCW3F HPt44j75Yt xGbwBYXh5K gVXwLXepP9 7UA96Y1Xu3 Q5O38hJ/dr Yo5gJXvdvk mp7e/IJZ/V C6uSBKYFDT MT4R790Pvg 0H4SiakciW aO1+uPvnw7 iwau1uDFHO 1KiclkufAG bLNZUX4z+u pwS0RJyUdm R9m38RrbRl SjoVqKQIqB hEByqarD57 OhUTg5ixQR BKcyG1humS oByOMvy/oM LMoql7UnPs wBqIUAEecz ub3+ohroZq ji22EAA47O Ou6xI=
X-MS-Exchange-Organization -SCL: 1
X-Microsoft-Exchange-Diagn ostics: =?us-ascii?Q?1;MWHPR01MB22 55;23:KGzV aZdJf7rMQc CF6h9A2gUm w1U/XpTTHz hPaQpSU?=
=?us-ascii?Q?daIgLes9zwEOI 4rqZFdBE9Z 9jqiiRFsKG 5Yb2G+uUoc 2wtDsDU7x2 Jrm+npE?=
=?us-ascii?Q?lecET6q6Yuykw OvKBTJSHho TxnyAv9qnq ftP3ozXHg5 U11pbAnGwF PPcS5Zm?=
=?us-ascii?Q?8G0p7zN+gHvxq tuJTg/D+qM x/qHCtLTcv Aqqk5tRfAv 65gsjweVYz KRpahCB?=
=?us-ascii?Q?mGRAJ6ZK3cQTc KIcMXXLcQ7 gtJE2xdate l+NTTPLzM0 oYD8Xh/kfy dohf2+n?=
=?us-ascii?Q?s7ePjvCTq7+2I rirT9lawg9 Hm2Kh3GDY1 w82D9iNJcs YtCCJh5mmZ A+3cP4l?=
=?us-ascii?Q?di6pQjOU/DP9l ROeEwOCX/0 nYv044DwsW 8MeLKkkl7k KioLczO6Xz MSxN8wU?=
=?us-ascii?Q?9VzCwQD9nXjz+ qR7F6GwWF2 XzaMlWgLz9 og2yXb3T/t Y6QS7m/gHL /+ndHba?=
=?us-ascii?Q?ZKsqDpvnwys4E PIzJsOhD2i GXkiZeDObH BqbWRtu4ls l/s2yuo+gQ BNqEKS0?=
=?us-ascii?Q?5EmAVTj5/oHhy ZrJQY9F0+v E0H5qpaeG0 ftlFEb1p5g Xabx+S8SJC ArwY+xS?=
=?us-ascii?Q?w5DNrNTErPHkA JX7ebtwpEn 6L8rkRjGog bm7DeQz03h ks/7O3edrK lbchMki?=
=?us-ascii?Q?PLk+kccbLNaTO dMTy2gpnXV 2bYsJUNpkC CznukFcW+C MIKQc8zYd7 s/gGU9Q?=
=?us-ascii?Q?rCY/PyBTPYw7/ q9j50/R/EZ nvzrQVQCFu 5jutMP6+tJ kRebfZTMZC ZizBDnw?=
=?us-ascii?Q?FIuQL8Zmq5ojU wU3kYn0Hbq IIfCc1Gp3J iQaRFgPKHK ag4xrIGAfy EO+jYuT?=
=?us-ascii?Q?wVxuxGxxqQmQ0 96gOu96F8N uBZ6SLAA+j rSKfjHqqnM SphHGDUIBd 7TJnC7g?=
=?us-ascii?Q?4iuFalQDlPrgB 1x/pCosmPq hX8spo0l+t IlcHh93RPz mNg6YaL8sv ZQmpG1A?=
=?us-ascii?Q?2+KOtkvOj87oZ 0zdI6oG5os cw66/Jrbg1 SJ9e55fnPR P9T/O2oI0q 3wCa2pE?=
=?us-ascii?Q?F6sO2f5LBBqOe SVx46LGVCO DdU1RLvNyn 0pg27vm0aI /oafYO/COI w3kqFF6?=
=?us-ascii?Q?Uv/5wNBewn8QG cwXCQXs7MX MyOYzhSeZd OYyTaORAC2 eRXaVkt5Zo Gm6Y1AO?=
=?us-ascii?Q?uymDVOBXeFIL2 DBEgzyF0ic tGyLRv+P2r xP+tQ20H6U W1TVDow3E8 uZo5IuL?=
=?us-ascii?Q?jKUlpJLVhbf97 JOrteS3SiP CSfL1QSlO+ PB5L4akayZ evJJ9ffif2 tLWfr1e?=
=?us-ascii?Q?ash5QRzfeUB/n 74ZtYagzbY kPX6PV8/Af Ok/mwQSqHo dewOICXcRh a4c+Aft?=
=?us-ascii?Q?6MfD+Fi/5jFmP e9+X1bIKT0 HSxfQ1uJyZ cOPNt+yA3Q NHQBsWEqgY basWSVk?=
=?us-ascii?Q?h6lRnSB8+rgNK R/iEy9Tiv/ 5hoepJmFvy VodMvZEIvG 13/2/+L22D D5syTFc?=
=?us-ascii?Q?g6qVwLaAj+rV/ BRAxsemR2L cY8sJjvapX KW8REWKb5e oW/Mxz7zK0 vQb7Byd?=
=?us-ascii?Q?oCeymYEMZn1S/ KhOXn7sWuc N4xLXBSKUV RUkrwlmKru gnio5duMec /9d3OhR?=
=?us-ascii?Q?QfkSon0alHaZw A3iWBYW4Cy LWdsRv2T2M V6bU2B+UT/ xll1PJL75u z5aCkE9?=
=?us-ascii?Q?4Pir/4zPkO+r3 a0P2vmC5mK EYnGzfR7Kg L7BTZ6EDxw v1icuJNT1V vRAfJtp?=
=?us-ascii?Q?eIu3SyjqlWzRm l0zqWN5fGm C2PKHQbZO7 hyKzc0X9pf 2Tm6JLrDg3 1jIJB5G?=
=?us-ascii?Q?HGvMIiB27gHbq xYWXOaXM9j s1T/3POL6Y +lwH67xaaV qeD/egoylk XlBo5fh?=
=?us-ascii?Q?/ykPqqe79LRGr D8YQL7uRhj Rbv/Fw0fS8 Yx2b7z3AV3 8498xR1rLr nm7v4qe?=
=?us-ascii?Q?vRjMACCJtCptn aBieyI8pkV 1p5/z4v6tu Rm2JUiKV7r 5cDTiJj6nm xzSlanq?=
=?us-ascii?Q?5D629ernaNeSz dCOlTC8mWL Brlm9vq4Ht P1L9Ua6TRr 4IyFOFoXx+ dN3Ra10?=
=?us-ascii?Q?z0=3D?=
X-Microsoft-Exchange-Diagn ostics: 1;MWHPR01MB2255;6:PvlgfMdH x/Yuj9GVA9 EOLexQlTA3 SFSzUL6B1m 80qKCQPIm5 znJWvJsWzW jcjzN62/EB BRN63kpi3N BCYgYoRrTf u4DZY+HPyf gyhvS15j5D 6B4yVvvMKS v72/ri932y 7tnKINa4yS rDDyNWNXFN UQVheyy8r/ f7GJd83gLj AXUWtJS8rQ d8miqbgqqy Nd+7DBP50G +IcW/U4n3C gJiZKcWGO0 stlkQpqxcE 1CF7C54Q7y RlVp5m3d0T x9JPLnZ9Sy jyw7GyE/Nh sA3GQ90vwd 5ehqom2193 BkOkbSQueI B7xQ28jDbT XAKBzPyD7w pwU/lXVP/3 MUqF8LTcBt +s0w==;5:B B6/x9UoTBR 96KdBZ5yzq buGuxRWeJz BBYCKt95qZ mqIf7/kHau aEj2ez21l4 JuGxv2PpWe K8cRXTq4uK VnHD+GMVam Cb1LwhxUbX /eVGYXQHML Wgpm9AsLS1 vppksbBEC5 0lKy9nc2ki te3YLMpmU9 Oahz1wTy23 dgALq3dlkk =;24:CVlsh ZoZUc/3nW1 /pWVfOc5fD C3KUXhHHDK g4ZqTxodjf gGcZh6juoZ eHIwYiG/Dc W+vgUF+sKH CTgIL0ES15 U8iDkvde9U mwQYA6MUR7 rs=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagn ostics: 1;MWHPR01MB2255;7:YnznasHX 0toOs0yRQ4 OuCTW6KUj3 RldJXUKbS8 yDLBSFOgf8 5Q59IpW+t2 hXlNpgMGLY j6FSNlM4k7 tiyszU+PlZ KMd4ptB/t3 LoNKfV5rY5 zb+0u2loiv 1AZol+QQ8s WGpmALVBOM BxhgKG40sx iqIzdC4Q6y 98ZfhAH3Bk IRW+HVkWRe h5K3GhVoEX VyUx4+JJ8x xvWwvoDxYo XkrazyGuj8 AS70qO7L+J Cw2LXH4AXR 8mSbUSFqH/ LZfb3tLrhL +uVgfqdvEy 3vt71bDbM/ F7vP3u9Qrf oyU4WmeDMS ZTUNo/NBtY ZZcHeSrY6q E07vNvRboX scMYwIjFxG Jb7tJ+obk0 phBAfYs4Lb e+j80cxUQ1 12YVXha/ZG FZnK9uJpV3 5wrIW5zwRn FPCr72tw==
X-MS-Exchange-CrossTenant- OriginalAr rivalTime: 01 Nov 2016 19:08:04.5765
(UTC)
X-MS-Exchange-CrossTenant- Id: e0ed04de-a27a-4e49-9c5b-00 e094701550
X-MS-Exchange-CrossTenant- FromEntity Header: Internet
X-MS-Exchange-Transport-Cr ossTenantH eadersStam ped: MWHPR01MB2255
X-MS-Exchange-Organization -AuthSourc e: SN1NAM01FT002.eop-nam01.pr od.protect ion.outloo k.com
X-MS-Exchange-Organization -AuthAs: Anonymous
X-MS-Exchange-Transport-En dToEndLate ncy: 00:00:03.0678053
X-Microsoft-Exchange-Diagn ostics:
1;CY4PR01MB2245;9:LWsAiZlm Esc+xfB9sf C8USvtLDQd TuNR3Rv+o9 B2+QHdl2I7 KRk94+MMm/ ErcXzCygqu WoyZ5UHy/v g3V6ZrE62l UKkUTctxPB OX/obussD/ SeMqLUAK5v lTdHZZ4Sxr V0R/uhNVlz p7SQcn+VkM w2a4kFeByw 7JFDc+aY59 5Ri74U8HLU jh9z9SGSy9 GVKAIDyqUm mOF0AKlZK5 xEtqH0GDzi ZxQRoSDsdL 3KQCsEQ=
CY4PR01MB2245.prod.exchang
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_
15.1.649.16 via Mailbox Transport; Tue, 1 Nov 2016 19:08:07 +0000
Received: from BY2PR01CA0009.prod.exchang
MWHPR01MB2255.prod.exchang
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_
15.1.649.16; Tue, 1 Nov 2016 19:08:05 +0000
Received: from SN1NAM01FT002.eop-nam01.pr
(2a01:111:f400:7e40::209) by BY2PR01CA0009.outlook.offi
(2a01:111:e400:5262::19) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_
Frontend Transport; Tue, 1 Nov 2016 19:08:05 +0000
Authentication-Results: spf=none (sender IP is 162.220.84.151)
smtp.mailfrom=axisbenefits
header.d=none;k5-tech.com;
header.from=axisbenefits.c
header.d=none;
Received-SPF: None (protection.outlook.com: axisbenefits.com does not
designate permitted sender hosts)
Received: from zix01.omegatechnologygroup
SN1NAM01FT002.mail.protect
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_
15.1.693.6 via Frontend Transport; Tue, 1 Nov 2016 19:08:04 +0000
Received: from 127.0.0.1 (ZixVPM [127.0.0.1])
by Outbound.omegatechnologygr
for <bkeating@k5-tech.com>; Tue, 1 Nov 2016 15:08:04 -0400 (EDT)
Received: from mail.axisbenefits.com (50-193-80-133-static.hfc.
(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by zix01.omegatechnologygroup
for <bkeating@k5-tech.com>; Tue, 1 Nov 2016 15:08:03 -0400 (EDT)
Received: from AXISSERVER.axisbenefits.lo
AXISSERVER.axisbenefits.lo
14.01.0438.000; Tue, 1 Nov 2016 14:08:02 -0500
From: Kathy Beggerow <kathy@axisbenefits.com>
To: Brian Keating <bkeating@k5-tech.com>
Subject: RE: another test
Thread-Topic: another test
Thread-Index: AdI0bxzuVH8eg+h+T9ybwC/Ri0
Date: Tue, 1 Nov 2016 19:08:01 +0000
Message-ID: <CC2918922F8865409382803E0
References: <CC2918922F8865409382803E0
<CY4PR01MB224567BB6D8C12DC
In-Reply-To: <CY4PR01MB224567BB6D8C12DC
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.0.32]
Content-Type: multipart/related;
boundary="_004_CC2918922F8
type="multipart/alternativ
MIME-Version: 1.0
X-VPM-MSG-ID: 5b1ddb38-0109-4965-847a-5c
X-VPM-HOST: zix01.omegatechnologygroup
X-VPM-GROUP-ID: 297fe3f1-61fd-4651-b2d2-cf
X-VPM-ENC-REGIME: ZixSMIME,Plaintext
X-VPM-IS-HYBRID: 0
Return-Path: kathy@axisbenefits.com
X-MS-Exchange-Organization
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessa
X-MS-Exchange-Organization
X-Forefront-Antispam-Repor
=?us-ascii?Q?2)(8156002)(2
=?us-ascii?Q?52314003)(501
=?us-ascii?Q?315012)(15975
=?us-ascii?Q?)(8896002)(18
=?us-ascii?Q?20100001)(101
=?us-ascii?Q?86999)(221733
=?us-ascii?Q?(19580405001)
=?us-ascii?Q?0700001)(7696
=?us-ascii?Q?002)(3846002)
=?us-ascii?Q?001)(10000500
=?us-ascii?Q?)(105586002)(
=?us-ascii?Q?4001)(8636200
=?us-ascii?Q?004)(7736002)
=?us-ascii?Q?2)(7099028)(1
=?us-ascii?Q?009001)(10190
=?us-ascii?Q?01.omegatechn
=?us-ascii?Q?hnologygroup.
X-Microsoft-Exchange-Diagn
X-MS-Office365-Filtering-C
X-Microsoft-Exchange-Diagn
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEI
X-Microsoft-Exchange-Diagn
=?us-ascii?Q?XjpvJrHpIs+WQ
=?us-ascii?Q?pPx8DT2sulvll
=?us-ascii?Q?VD7r31Tg2uVhk
=?us-ascii?Q?K3lwG3rttN8Zf
=?us-ascii?Q?EozkesMG2BpEO
=?us-ascii?Q?4KEAA2MWnBoqy
=?us-ascii?Q?udPlM+yj02lnY
=?us-ascii?Q?FkXv1632bsUz4
=?us-ascii?Q?tWWmeK3/lp8bc
=?us-ascii?Q?K8SL/Pb5MKAMQ
=?us-ascii?Q?q8B7ymaswV4E+
=?us-ascii?Q?VUMcDITIRZksA
=?us-ascii?Q?ISaUv3hJiJLlb
=?us-ascii?Q?xl6tMc/HNaBqw
=?us-ascii?Q?w2K2PLpPfTWNw
=?us-ascii?Q?dWYWMbYI1Mh1h
=?us-ascii?Q?mMB+8y+j6g2+c
=?us-ascii?Q?cXkewapuAqgjf
=?us-ascii?Q?AgsPooo7UsH+F
=?us-ascii?Q?h15nDsl0/MBkr
X-MS-Exchange-Organization
X-Microsoft-Exchange-Diagn
X-Exchange-Antispam-Report
X-MS-Exchange-Organization
X-Exchange-Antispam-Report
X-Microsoft-Exchange-Diagn
X-MS-Exchange-Organization
X-Microsoft-Exchange-Diagn
=?us-ascii?Q?daIgLes9zwEOI
=?us-ascii?Q?lecET6q6Yuykw
=?us-ascii?Q?8G0p7zN+gHvxq
=?us-ascii?Q?mGRAJ6ZK3cQTc
=?us-ascii?Q?s7ePjvCTq7+2I
=?us-ascii?Q?di6pQjOU/DP9l
=?us-ascii?Q?9VzCwQD9nXjz+
=?us-ascii?Q?ZKsqDpvnwys4E
=?us-ascii?Q?5EmAVTj5/oHhy
=?us-ascii?Q?w5DNrNTErPHkA
=?us-ascii?Q?PLk+kccbLNaTO
=?us-ascii?Q?rCY/PyBTPYw7/
=?us-ascii?Q?FIuQL8Zmq5ojU
=?us-ascii?Q?wVxuxGxxqQmQ0
=?us-ascii?Q?4iuFalQDlPrgB
=?us-ascii?Q?2+KOtkvOj87oZ
=?us-ascii?Q?F6sO2f5LBBqOe
=?us-ascii?Q?Uv/5wNBewn8QG
=?us-ascii?Q?uymDVOBXeFIL2
=?us-ascii?Q?jKUlpJLVhbf97
=?us-ascii?Q?ash5QRzfeUB/n
=?us-ascii?Q?6MfD+Fi/5jFmP
=?us-ascii?Q?h6lRnSB8+rgNK
=?us-ascii?Q?g6qVwLaAj+rV/
=?us-ascii?Q?oCeymYEMZn1S/
=?us-ascii?Q?QfkSon0alHaZw
=?us-ascii?Q?4Pir/4zPkO+r3
=?us-ascii?Q?eIu3SyjqlWzRm
=?us-ascii?Q?HGvMIiB27gHbq
=?us-ascii?Q?/ykPqqe79LRGr
=?us-ascii?Q?vRjMACCJtCptn
=?us-ascii?Q?5D629ernaNeSz
=?us-ascii?Q?z0=3D?=
X-Microsoft-Exchange-Diagn
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagn
X-MS-Exchange-CrossTenant-
(UTC)
X-MS-Exchange-CrossTenant-
X-MS-Exchange-CrossTenant-
X-MS-Exchange-Transport-Cr
X-MS-Exchange-Organization
X-MS-Exchange-Organization
X-MS-Exchange-Transport-En
X-Microsoft-Exchange-Diagn
1;CY4PR01MB2245;9:LWsAiZlm
Message-ID: <CC2918922F8865409382803E0 95EB5942FF 93D59@AXIS SERVER.axi sbenefits. local>
This is the source of the emails.
This is the source of the emails.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Phishing is determined by content. That is why I said to whitelist the address.
That's not a setting K5 can configure since his organization sent the email.
ASKER
The client does use Zixmail to send encrypted email. I'm not the familiar with it. Let me check with Zixmail tomorrow.
Sounds good, I'll check back later and we'll eventually get it worked out. Have a nice night.