SPF question

Given the SPF entry below for ficticious domain ABC.com

v=spf1 ip4:50.50.50.0/24 ip4:50.102.50.0/24 ip4:50.62.161.12 include:spf.protection.outlook.com include:amazonses.com -all


An attacker spoofs an email from john@abc.com and sends it to bob@abc.com.  Inspected the headers show  this:

1      *      192.3.21.34      smtp-relay.gmail.com      ESMTPS      3/19/2019 6:21:22 PM      Not blacklisted
2      1 Second            mail-io1-f102.google.com      SMTP      3/19/2019 6:21:23 PM      
3      0 seconds      mail-io1-f102.google.com 209.85.166.102      CO1NAM03FT012.mail.protection.outlook.com 10.152.80.99      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)      3/19/2019 6:21:23 PM      Is on a blacklist
4      1 Second      CO1NAM03FT012.eop-NAM03.prod.protection.outlook.com      SN6PR0102CA0028.outlook.office365.com      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)      3/19/2019 6:21:24 PM      
5      1 Second      SN6PR0102CA0028.prod.exchangelabs.com      BYAPR01MB4919.prod.exchangelabs.com      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)      3/19/2019 6:21:25 PM      
6      *      192.3.21.34      smtp-relay.gmail.com      ESMTPS      3/19/2019 6:21:22 PM      Not blacklisted
7      1 Second            mail-io1-f102.google.com      SMTP      3/19/2019 6:21:23 PM      
8      0 seconds      mail-io1-f102.google.com 209.85.166.102      CO1NAM03FT012.mail.protection.outlook.com 10.152.80.99      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)      3/19/2019 6:21:23 PM      Is on a blacklist
9      1 Second      …

Hallo Experts
       
I would like to collect the following Threat Artifacts from a compromised Windows System:
     

• CPU

• Routing-, ARP- & Process tables

• Memory

• Temporary files

• Relevant data from storage media

   
What would you collect? Is there any best practice from NIST or anyware?
 
Thanks a lot

Hi

We have move to 0365 and the exchange online protection is not very effective. We are planning to go with 3rd party spam filtering system. .

We are a education establishment .Please post e any good products that you are aware of.

Thanks

System/Setup:
I'm trying to Block some SPAM that the user is forging our Email Addresses.   I Have SPF Records setup and have tested them and they seem to be functioning fine.   Though we are still getting emails from us to us though they are not coming from us.

The From: Header has my email address in it, so it looks like it came from me, though the sender used the Following Headers, which I think caused the SoftFail on the SPF and managed to get the email through.


I've just started to look into DKIM/DMARC though still learning what it is all about. I'm not sure if this would prevent the email from reaching us.   Would it? Is there something else I can do?

Here is a copy of one of the emails with Most all of the Headers. My IPs/Names/Emails have been edited. I've removed all of the X-Microsoft-Exchange-Diagnostics: Headers.

Received: from BYAPR15MB2310.namprd15.prod.outlook.com (2603:10b6:a02:bc::33)
 by BYAPR15MB2312.namprd15.prod.outlook.com with HTTPS via
 BYAPR07CA0020.NAMPRD07.PROD.OUTLOOK.COM; Tue, 5 Feb 2019 20:33:15 +0000
Received: from

…

Hello,

someone is spoofing my mail domain.
I have SPF record and it is not enough to stop spoofing.

I didnt know how spoofing is easy :-)

"Find a website like deadfake, which describes itself as “a site that lets you send free fake emails to anyone you like.
Or anonymailer.net. Or spoofbox.com. There are dozens. Many of them are free, some cost a little money to send mail.

    Enter your recipient’s email address in the To: field.
    Put whatever email address you want in the From: field.
    Craft your message and press the Send Now! Button.

"

So,what are my options?I have ptr and spf record.
To configure dkim and dmarc?
Any advice?
Please,can anyone explain how to implement.I have 4 email domains on mail server.
Is there any dkim&dmarc tutorial for dummies :-)
Thank you

I need to add a spf record to avoid spoofing and I use register.com as dns provider. They told me to add the following into the txt record.

@     "v=spf1 include:spf.registeredsite.com ~all"

I did that. When I sent a test mail to my gmail account, the mail went through but the header showed me it is has a softfail and the error message is as following:

pf=softfail (google.com: domain of transitioning me@mysite.com does not designate 192.168.0.1 as permitted sender) smtp.mailfrom= me@mysite.com;

For your information, my A record is the following:

*.mysite.com        10.10.0.1     <- webserver
mail.mysite.com      192.168.0.1   <- emailserver

Note: Please pardon the email address and ip addresses in this post are not real for security reason.

We had to upgrade to reCAPTCHA v3 from v2.  I am seeing a lot more spam coming through the sites... wondering if anyone knows how I can adjust settings or something to help.

thanks

What is the best spam filter for AOL Desktop Gold under Win 10 ?

I've recently enabled SPF/DKIM/DMARC for our email system.  My understanding is that this will help fight email spoofing?

But what about other malicious email events?  How do I thwart email virus and attacks coming from sites that are not spoofing?

WordPress site getting SPAMMED, not sure how to stop it.

My website, FortressHarvard.com

has a Download button, and when you fill your Name and Email, then click the button, you get an email with the URL to my book's Preface and Chapter 1. Also, I get an email to my "info@" email's inbox with the name and email of the person requesting the downloading.

I am getting spammed there, by some sort of robot, and do not know how to stop it.

This started yesterday morning, and continued every few minutes, non-stop. I even added a CAPTA requirements this morning, but that had no impact.

How do I stop this SPAM?

Thanks

Hi,
What's the best anti-spam-virus cloud filtering service that one can use before email arrive to my internal Exchange Service?
I use to use MXLogic which was bought by McAfee which discontinued the service and I moved to ZeroSpam which is not that good.
I have been told ProofPoint is really good but couldn't find any reviews or gatner,
tx!

Using Exchange 2013, is there a mail to block internal user usurpated email?

More and more users are getting unwanted email like « From: "legitusername@contoso.com" realspamsender@windowslice.com »
I'm looking for rule that block mails displaying @contoso.com that aren't sent from consoto.com email adresses.

Any help woud be appreciated,
Thanks!

Here's the good news about the user - they are 89 years old, and receive and send email and texts on their iPad and iPhone.

They are having problems with AOL/Yahoo email

The issue is that they cannot receive email from their son, because for some reason, their son's company domain is on some sort of blacklist.  The company uses Outlook 365 and some sort of mail authenticator  mime cast.com

AOL doesn't have a whitelist option yet.
They have identified the messages as being not spam in the Junk box, but that doesn't stop the mail from going into the junk folder.

It is too much to ask an 89 year old person who has mastered email on devices to change their email address.
I have instructed them to check their junk box as regularly as they check their inbox.

It would be nice if there was a way to get the AOL/Yahoo filtering system to allow mail from the company domain.

I have attached a header from a message that was sent to junk, if that is of any help.

MXtoolbox has analyzed and found messages to be on a blacklist



Thanks.

-------------------------

X-Apparently-To: jwb@aol.com; Wed, 24 Oct 2018 19:01:52 +0000
Return-Path: <john@pxxxxxxp.com>
X-YahooFilteredBulk: 63.128.21.182
Received-SPF: pass (domain of pxxxxxxp.com designates 63.128.21.182 as permitted sender)
X-YMailISG: RD0lkWgWLDt9Eokj4OV7S0B0GjdN9EXqXiK_FGw9i6AP6Su3
 SoPLLyRX6Gstjx7xgDzW.hDYmw7WDObZs1yGDcCgTZPU.0RpAY8d5LC1ve8K
 …