Andrew N. Kowtalo
asked on
Phishing Emails slipped past O365 spam filter
Hi Gents, there were a couple of emails that slipped past our O365 spam filter. Below are the header files. Is anyone good at locating where the fake address is coming from? Would greatly appreciate some assistance in locating them.
Received: from BN6PR11MB1954.namprd11.prod.outlook.com (2603:10b6:3:129::24)
by DM6PR11MB4626.namprd11.prod.outlook.com with HTTPS via
DM5PR21CA0062.NAMPRD21.PROD.OUTLOOK.COM; Thu, 13 Aug 2020 17:31:38 +0000
Received: from BN8PR11MB3667.namprd11.prod.outlook.com (2603:10b6:408:88::14)
by BN6PR11MB1954.namprd11.prod.outlook.com (2603:10b6:404:106::21) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3283.16; Thu, 13 Aug
2020 17:31:36 +0000
Received: from BN8PR11MB3667.namprd11.prod.outlook.com
([fe80::cca6:c530:fd5a:4633]) by BN8PR11MB3667.namprd11.prod.outlook.com
([fe80::cca6:c530:fd5a:4633%7]) with mapi id 15.20.3283.015; Thu, 13 Aug 2020
17:31:36 +0000
From: Bill Van Cott <bvancott@montante.com>
To: Joshua Gillebaard <jgillebaard@montante.com>
Subject: FW: Urgent: Your bvancott@montante.com Account Will Soon Be Closed
Thread-Topic: Urgent: Your bvancott@montante.com Account Will Soon Be Closed
Thread-Index: AQHWcZduk+yp/GhfgkKnmVYYum+8xKk2S+Jw
Date: Thu, 13 Aug 2020 17:31:36 +0000
Message-ID: <BN8PR11MB3667001C41137923906F1A6DA4430@BN8PR11MB3667.namprd11.prod.outlook.com>
References: <953e08ab-7ac2-0530-7f86-8765ae040228@chetritgroup.com>
In-Reply-To: <953e08ab-7ac2-0530-7f86-8765ae040228@chetritgroup.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Exchange-Organization-AuthMechanism: 04
X-MS-Exchange-Organization-AuthSource: BN8PR11MB3667.namprd11.prod.outlook.com
X-MS-Has-Attach:
X-MS-Exchange-Organization-Network-Message-Id: 1975c377-2313-4f57-c279-08d83faebab9
X-MS-TNEF-Correlator:
X-MS-Exchange-Organization-RecordReviewCfmType: 0
x-ms-publictraffictype: Email
x-ms-exchange-organization-originalclientipaddress: 184.74.50.118
x-ms-exchange-organization-originalserveripaddress: 2603:10b6:408:88::14
x-ms-exchange-organization-submissionquotaskipped: False
authentication-results: montante.com; dkim=none (message not signed)
header.d=none;montante.com; dmarc=none action=none header.from=montante.com;
x-originating-ip: [184.74.50.118]
x-ms-office365-filtering-correlation-id: 1975c377-2313-4f57-c279-08d83faebab9
x-microsoft-antispam: BCL:0;
x-ms-traffictypediagnostic: BN6PR11MB1954:
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKI;H:BN8PR11MB3667.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:;DIR:INB;
x-ms-exchange-crosstenant-originalarrivaltime: 13 Aug 2020 17:31:36.1221 (UTC)
x-ms-exchange-crosstenant-fromentityheader: Hosted
x-ms-exchange-crosstenant-id: 38232421-5782-4ab7-b642-8e1f6443d93f
x-ms-exchange-transport-crosstenantheadersstamped: BN6PR11MB1954
x-ms-exchange-transport-endtoendlatency: 00:00:01.9721062
x-ms-oob-tlc-oobclassifiers: OLM:1091;
x-ms-exchange-antispam-messagedata: zua0dXIybzPP1eG6Zr/uNRggeXUQMcmYJJE1Z2vrsycnSn6tnpHJcCKPXepRdVLt1pJnBvvcu0iEWHRQkORi8PwvqGZKUh1+XCQ6b55vTlTR8ZxDggDXNiLTg5Vt5LWXGu/XUPNQ50KvChn6WIwwaDSkB2J97AYO6YiF4u6NybobxwpyROlgqAmeTk2CTjNNmdcUFpY6jqhvtk/yN0sJBsZRfRCdom1W9o+DsZBGHQjA6VNu7+YVCNvSd4IK3rLW2aR1tMzk+I0d/m1w/epl7cj3LYHIPa1aqg6Rtm4YhpW1RIXcjC3vTLzIgBkLFu89Cd3sjMnoqUtFo7YHJCDkgEVaqJo5e4vYd+4HmFQMGdQfWILa00YEsznhnoeK3pRaxGZbQ8LbalVOlcgqtdEErNDmWi91/lZcKo4DENxmnghG1bREmxsDkljwzj/f4YiFLlkv7O940mCOj7/3q0hu8uzFcYz3BUrrnKUCuAo88jwRkQanKBeEpFyQ4oHG5quWkJJpNb37TaKwKU8uTh96r1b36a1Ixt+1wpXOQJcVM4vcxlWjhRx/WnRbaphwC0PUtBlD2sJ8j0cAzgEePJ6/ngr5Senc5txbZFWBLYucjUr+Nfi1OQIAWRXE12GnrpnYCGvs0nWNEgh8yTebRDk6AQ==
x-ms-exchange-crosstenant-network-message-id: 1975c377-2313-4f57-c279-08d83faebab9
x-ms-exchange-crosstenant-mailboxtype: HOSTED
x-ms-exchange-crosstenant-userprincipalname: NnRE96bNmf38Ha/8irQyCxPyvDwwDxxh0O6XRW5q/4DLlknctnWkTLNKMWyxg+/W3YyerSm7MgeeIcm3l7xsZA==
x-ms-exchange-processed-by-bccfoldering: 15.20.3283.015
x-ms-exchange-crosstenant-authas: Internal
x-ms-exchange-crosstenant-authsource: BN8PR11MB3667.namprd11.prod.outlook.com
X-Microsoft-Antispam-Mailbox-Delivery: abwl:1;ucf:0;jmr:0;auth:0;dest:I;ENG:(750128)(520011016)(520006050)(703014)(944506458)(944626604);
X-Microsoft-Antispam-Message-Info: chdHoffJtVd0npB5UP5eS+hILvg1BWqrwY+bt9AHY9n5CkHKJWzTpEWhNkjB1o6ROH+/zL9HZ7Jbb3nGHieTWBiixJ3IyIQPKdMDMZH19mlFi54vK9M5eh1CSsfflMdDlhfaOmJscsLH/OlUTujw5dWrMsIH29SQi3JD7PQZ0U9WEBYyifgxT1mZcvTvaFaN7PTtG3EsZDuutKZDoARc7kTFdbVU9DjIcYU8hPgib3ZhSr3DTQ+9wWVKiyqSHDUSiwiO50Yylqr5nMpnMjnrTLG+KvW61+Ps3EeM1sVwmXwAnixUG1VHSx3BQxuVovrv/D/t6sLpsYzKDbkYaZ7Olu/wwmPhI6uDzyGmemi8JqJgGOcAiXfKh64oxwbQEu0uUjVASro2oq2sfavLQ2ggxTmIvg159U+5ZHCrXbpysM0=
Content-Type: multipart/alternative;
boundary="_000_BN8PR11MB3667001C41137923906F1A6DA4430BN8PR11MB3667namp_"
Importance: high
X-Priority: 1
MIME-Version: 1.0
Received: from MN2PR11MB4125.namprd11.prod.outlook.com (2603:10b6:3:d4::15) by
DM6PR11MB4626.namprd11.prod.outlook.com with HTTPS via
DM5PR05CA0005.NAMPRD05.PROD.OUTLOOK.COM; Mon, 10 Aug 2020 15:58:35 +0000
Received: from MN2PR11MB4063.namprd11.prod.outlook.com (2603:10b6:208:13f::22)
by MN2PR11MB4125.namprd11.prod.outlook.com (2603:10b6:208:155::24) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.16; Mon, 10 Aug
2020 15:58:34 +0000
Received: from MN2PR11MB4063.namprd11.prod.outlook.com
([fe80::b898:36f5:61cb:42ca]) by MN2PR11MB4063.namprd11.prod.outlook.com
([fe80::b898:36f5:61cb:42ca%7]) with mapi id 15.20.3261.024; Mon, 10 Aug 2020
15:58:33 +0000
From: John Bellefeuille <jBellefeuille@montante.com>
To: Joshua Gillebaard <jgillebaard@montante.com>
Subject: Fwd: New Grit Seed Account For Montante Construction
Thread-Topic: New Grit Seed Account For Montante Construction
Thread-Index: AQHWbypV0F7sWmUaXUSRWxjp8DGI9akxf97d
Date: Mon, 10 Aug 2020 15:58:33 +0000
Message-ID: <9DF8C5B2-3FB9-4AEE-AAE6-EBBDABD900ED@montante.com>
References: <01000173d8f9022c-abc109c9-b763-418d-aaea-d77f73e40824-000000@email.amazonses.com>
In-Reply-To: <01000173d8f9022c-abc109c9-b763-418d-aaea-d77f73e40824-000000@email.amazonses.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Exchange-Organization-AuthMechanism: 04
X-MS-Exchange-Organization-AuthSource: MN2PR11MB4063.namprd11.prod.outlook.com
X-MS-Has-Attach:
X-MS-Exchange-Organization-Network-Message-Id: 1f2c963f-242a-45c5-9e3e-08d83d463c22
X-MS-TNEF-Correlator:
X-MS-Exchange-Organization-RecordReviewCfmType: 0
x-ms-publictraffictype: Email
x-ms-exchange-organization-originalclientipaddress: 2600:1017:b105:52c0:74e3:5ede:51e:4449
x-ms-exchange-organization-originalserveripaddress: 2603:10b6:207:17::26
x-ms-exchange-organization-submissionquotaskipped: False
authentication-results: montante.com; dkim=none (message not signed)
header.d=none;montante.com; dmarc=none action=none header.from=montante.com;
x-originating-ip: [2600:1017:b105:52c0:74e3:5ede:51e:4449]
x-ms-office365-filtering-correlation-id: 1f2c963f-242a-45c5-9e3e-08d83d463c22
x-microsoft-antispam: BCL:0;
x-ms-traffictypediagnostic: MN2PR11MB4125:
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKI;H:MN2PR11MB4063.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:;DIR:INB;SFP:;
x-ms-exchange-crosstenant-originalarrivaltime: 10 Aug 2020 15:58:33.7332 (UTC)
x-ms-exchange-crosstenant-fromentityheader: Hosted
x-ms-exchange-crosstenant-id: 38232421-5782-4ab7-b642-8e1f6443d93f
x-ms-exchange-transport-crosstenantheadersstamped: MN2PR11MB4125
x-ms-exchange-transport-endtoendlatency: 00:00:01.5664223
x-ms-oob-tlc-oobclassifiers: OLM:1751;
x-ms-exchange-antispam-messagedata: JL6J3X2i9IsuMStjWXgzcphGOPHGIv9ZDeiPFkXjDLR9Mh3/8LKBswAxpKWiI3cQiGHAtgTmQ9qI95wf2Iivw6o6dqm8/ekAKdkUGndfqIcIkaZ1JmNNeGF3Z2lSp0FHawPIRo6frwtowfq+pjILRPPjR43uPpHK7NIzsS32K6Ov+ewRVnGLf7TpMiOUzkOTNc+1wn7WT6Kc6UcY+QUrkt2MTWs4maah0nJcAfBQ/PrV4dMbRP7j2fMHjYKWd/40KwVLYrDhEY2EXqT0PatEyBOlRfNFjjp2Xcslgq8DztuGeUxosi+naETgbsop0DVNkIcRWYZ/te8tpnsCj4sYL9offjAMDbVMBiRkNcur+fEpUhz+O/z0zafF8Ru9x05UzBw1cm4tEUu34o+T0dmcraKYD24yJh9FYdsa1AS9lAu5nm8uskrv4g9T3AgHRGH2T/GaEvBLdZkm/7dUmnAEfWqiqzL2TMX3FcSMPJuCj29z9BDekJfeiHPN9eHmhQSQCtlPE+LUJ3AyGWOXfzPyj1tyMZgeZGZJAxzWuIGeoD+s6DKHdmdgE84TeKNKlISPl/vvztLX15255zVqFMRnlhzpP0Uc4cdlJY1iJZ4DR+4wMsCobhWJ3u5ZubFkokbE3WyCKLFLwcIEGvtPNeJRnQkRcsOM55TOpc+b9ZjlOwHuLvaPt0EY3qPOiKSUQDtnZ2UNAww2VRwdbnpDGuREFA==
x-ms-exchange-crosstenant-network-message-id: 1f2c963f-242a-45c5-9e3e-08d83d463c22
x-ms-exchange-crosstenant-mailboxtype: HOSTED
x-ms-exchange-crosstenant-userprincipalname: pkcQqF2MmX9r5+zW+aVRClMN897wUJNTop2fbiAOkP9FJf0w62Zl/H1jgQeTQYLH7loY6MZ0R/afiX5XaIrWMBw02YqcesYA82fTpPE1ReI=
x-ms-exchange-processed-by-bccfoldering: 15.20.3261.024
x-ms-exchange-crosstenant-authas: Internal
x-ms-exchange-crosstenant-authsource: MN2PR11MB4063.namprd11.prod.outlook.com
X-Microsoft-Antispam-Mailbox-Delivery: abwl:1;ucf:0;jmr:0;auth:0;dest:I;ENG:(750128)(520011016)(520006050)(703014)(944506458)(944626604);
X-Microsoft-Antispam-Message-Info: Bhp5h0Wf4qD6nrYtf6Pqb/RlRe+AirzR/o5xRMvDUlo4t/ETWweHWEoerNzLnlc7kPt4HkjHMZyPLA5gpW8p1Ld/JOrvHSqZ7O83ZiFyaiZ2BQZ710ptBF338Z+U3FGmLASdSWwR9Ox/VGR8m+kPxzJ1UmIRlu8BY2OF/CUMFp5akLb+y53M5BsANh7fDEVk+FXVYjajw/rFT9byRqnVAnL7ldQWJAZi/rnyFbLcYy0uVYbXFu+CO8UtynvGXRjhDW0zSbjefmP03g2OErFBl24QaZUXiIP2m9WGiEzD5x4OBiJKs6i+YbtKDokhESdKQUPgJjLje8tyycmhDelbwmz2OybOkCpGWSKy/Rx32VP37btKGBaDlpBY9fdrbKjdUco+OCHMJK588jqVSfJoVTg+1XPnTeK0eCqUt0kBBCc=
Content-Type: multipart/alternative;
boundary="_000_9DF8C5B23FB94AEEAAE6EBBDABD900EDmontantecom_"
MIME-Version: 1.0
ASKER
Dr. Klahn, that was really great; however, could you break down the explanation a little more? Having a little trouble following.
Best thing to do would be to bring your email support person in on this discussion. They'll know the jargon and methods.
"header.from=montante.com;"
Since the obvious intent was to spoof email coming from inside your own block, you could either set a DKIM policy and strictly enforce it for emails purporting to be from your own domain, or write a filter to drop, destroy or at least flag email purporting to be from your domain but coming from IPs that are not either your MTA or within your network.
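A sketch of the filter suggested in the reply above, added here as an example and not code from the thread: it flags mail whose From: claims your own domain unless the stamped client IP is inside your networks or the message carries an aligned DKIM pass. `OWN_DOMAIN`, `TRUSTED_NETS` and the sample headers are constructed assumptions (documentation address ranges), and it assumes your gateway strips inbound copies of the IP headers so the values are ones your own server stamped.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values, not from the thread: the protected domain and the networks
# (own MTA, office ranges) allowed to originate mail for it.
OWN_DOMAIN = "example.com"
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")]

def origin_ip(msg):
    """Client IP from the headers seen in the thread; None if absent or malformed."""
    raw = (msg.get("x-ms-exchange-organization-originalclientipaddress")
           or msg.get("x-originating-ip") or "")
    try:
        return ipaddress.ip_address(raw.strip().strip("[]"))
    except ValueError:
        return None

def dkim_aligned(msg):
    """True only for dkim=pass with header.d equal to the protected domain."""
    ar = " ".join(msg.get_all("Authentication-Results", []))
    result = re.search(r"\bdkim=(\w+)", ar, re.I)
    signer = re.search(r"\bheader\.d=([\w.-]+)", ar, re.I)
    return bool(result and signer and result.group(1).lower() == "pass"
                and signer.group(1).lower() == OWN_DOMAIN)

def verdict(raw_headers):
    """Return 'ignore', 'accept' or 'flag' for one message's header block."""
    msg = message_from_string(raw_headers)
    sender = parseaddr(msg.get("From", ""))[1]
    if sender.rpartition("@")[2].lower() != OWN_DOMAIN:
        return "ignore"   # not claiming to be us; other filters apply
    ip = origin_ip(msg)
    if ip is not None and any(ip in net for net in TRUSTED_NETS):
        return "accept"   # came from our MTA or network
    if dkim_aligned(msg):
        return "accept"   # signed by our domain, e.g. an outsourced sender
    return "flag"         # our domain in From:, unknown source, unsigned

def sample(from_addr, ip, dkim="none", signer="none"):
    """Constructed header block shaped like the ones posted in the question."""
    return (f"From: Test User <{from_addr}>\n"
            f"authentication-results: example.com; dkim={dkim} (constructed)\n"
            f" header.d={signer};example.com; dmarc=none action=none\n"
            f" header.from=example.com;\n"
            f"x-originating-ip: [{ip}]\n\n")

if __name__ == "__main__":
    for args in [("user@example.com", "203.0.113.7"),
                 ("user@example.com", "192.0.2.25"),
                 ("user@example.com", "203.0.113.7", "pass", "example.com")]:
        print(args, "->", verdict(sample(*args)))
```

Missing or unparseable IP values fall through to `flag` rather than `accept`, so a message with no usable origin header is treated as untrusted.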