Ci sono domini disponibili per le società di sicurezza per testare lo spam? [chiuso]

Naviga le tue risposte
0

Mi scuso se questa è una domanda stupida, non ho molta esperienza in questa particolare area.

Lavoro per una grande azienda che ha, a mio avviso, una visione paranoica della sicurezza (gli sviluppatori hanno avuto l'accesso al prompt dei comandi rimosso per alcuni giorni perché rappresentava un "rischio per la sicurezza", fino a quando un numero sufficiente di persone ha gridato che a) stava fermando gli sviluppatori in realtà facendo qualsiasi lavoro, e b) PowerShell era ancora disponibile). Negli ultimi giorni, a seguito di un'e-mail su come rimanere vigili per le email dannose, abbiamo iniziato a ricevere alcune e-mail dannose.

Per ogni e-mail, ho esaminato l'intestazione della posta per curiosità e tutti hanno avuto l'IP del mittente come un indirizzo IP registrato per la società, ma inviati da domini diversi registrati a terzi, l'ultimo a uno in Svizzera.

Quali sono le probabilità che si tratti di email maligne autentiche inviate tramite il server di posta della società o ci sono domini che il dipartimento di sicurezza IT interno di un'azienda può utilizzare per inviare e-mail di "spam di prova" ai dipendenti?

EDIT: come richiesto, l'intestazione è sotto 

Received: from AM4PR44MB1666.eurprd69.prod.outlook.com (12.104.79.15) by
 VI1PR04MB1679.eurprd69.prod.outlook.com (12.104.85.17) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.1.1198.14 via Mailbox Transport; Mon, 26 Jun 2017 16:24:44 +0000
Received: from DB5PR64CA0024.eurprd69.prod.outlook.com
 (2a01:111:e400:598c::34) by AM4PR44MB1666.eurprd69.prod.outlook.com
 (2a01:111:e400:59e6::16) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1198.14; Mon, 26
 Jun 2017 16:24:43 +0000
Received: from AM5ETR02FT524.eop-EUR02.prod.protection.outlook.com
 (2a01:111:f400:7e1e::209) by DB5PR64CA0024.outlook.office365.com
 (2a01:111:e400:598c::34) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1198.14 via
 Frontend Transport; Mon, 26 Jun 2017 16:24:43 +0000
Authentication-Results: spf=fail (sender IP is xx.xx.xx.xx)
 smtp.mailfrom=salary-standard.com; tomatoes.microsoftemail.com; dkim=none
 (message not signed) header.d=none;tomatoes.microsoftemail.com; dmarc=none
 action=none header.from=salary-standard.com;
Received-SPF: Fail (protection.outlook.com: domain of salary-standard.com does
 not designate xx.xx.xx.xx as permitted sender)
 receiver=protection.outlook.com; client-ip=xx.xx.xx.xx;
 helo=reply.example.com;
Received: from reply.example.com (xx.xx.xx.xx) by
 AM5ETR02FT524.mail.protection.outlook.com (12.102.8.124) with Microsoft SMTP
 Server (version=TLS1_1, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1199.9
 via Frontend Transport; Mon, 26 Jun 2017 16:24:43 +0000
Subject: [Potentially Suspicious] Salaries 2016 - The Financial Services & Insurance
 Benchmark Study
Authentication-Results-Original: tompuss.example.com; spf=None
 [email protected]; spf=PermError
 [email protected]; spf=None
 [email protected]
X-SBRS: -2.9
Content-Type: multipart/alternative;
    boundary="===============1289836573990547394=="
MIME-Version: 1.0
From: "Rupert de Mol, CEO " <[email protected]>
To: Someone Smart <[email protected]>
Message-ID: <20170626162429.30246.40872@example-email>
Date: Mon, 26 Jun 2017 16:24:31 +0000
Return-Path: [email protected]
X-MS-Exchange-Organization-Network-Message-Id: c9cac624-ffa6-4fda-be71-08d4bcafda62
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 396b38cc-aa65-492b-bb4e-3d94ed25a97b:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:xx.xx.xx.xx;IPV:CAL;SCL:-1;CTRY:FR;EFV:NLI;SFV:SKN;SFS:;DIR:INB;SFP:;SCL:-1;SRVR:AM4PR44MB1666;H:reply.example.com;FPR:;SPF:None;LANG:en;
X-MS-Exchange-Organization-SCL: -1
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;AM5ETR02FT524;1:VM/7nqVXvbNr+JLLHHlYkNqSXt1gP6a1cdEQA7YHh4?=
 =?us-ascii?Q?mA0NFHpMF1o4WPcOe8m2qck9OJL5mAj+G8Tne+TED7LDmZB2RfhJzfjOweNP?=
 =?us-ascii?Q?J9TNkBYYheIXZS5X2Sh9RZJZjY9Co+WdPc184L4RO9I+Ivip3PahsGJioO+2?=
 =?us-ascii?Q?TMNj3LOjuiyPFs7qPvwpzZQJJ41JFvinUdMFiK4WUjX/b04vAJRCtoBT7pji?=
 =?us-ascii?Q?E0CvRItH0+6cMNM2LwgyBD+bElCXA0A+1PMehy2sghIRwDQueTC7Dp7Vt5Dv?=
 =?us-ascii?Q?OYZ+YtG0jol93DCCb2AfbTn7H7aU9cfiakxyU6EyRraJ4aQOUMlq7gRc3YF+?=
 =?us-ascii?Q?7U0T7ugbDVLJPQIPdNxx+ao2ROPck1rBCqKeiuIA40AgrLyh1XzqBJN6c+N2?=
 =?us-ascii?Q?iio+fnpMnOvi9k7vf2ZhNVoac9ElSQbc82F1NcxIvr3V86SA1sM2uOC6K02o?=
 =?us-ascii?Q?NtE6NFLkiuAUk9r5KBwmPTt6GQQA6jBqW5ckc7CeFpHHJplLsH1Y5UTx5Xxw?=
 =?us-ascii?Q?dGs9J/5o/KsesTdfvPo3wN0Pix50MNuM29gSgnR6a4C18gaXFgTft9UO8vET?=
 =?us-ascii?Q?DQTHBtshItcDaWnFtu9h+ELGiI/IlEfLJmMuf8sAplmIOaSgGielDnSdnV/Y?=
 =?us-ascii?Q?a5z4lm/8r4IXQbD61DV3D+Zx5AM6sshfMoDm229sPeR6loHcgFcZrcwOGsYP?=
 =?us-ascii?Q?sGxli75jucalh/cgSdnMI8bNbDurivHDT6uOr6ng5DY4sqvzenrmtoP3jY4d?=
 =?us-ascii?Q?1GKnCxP65jxyOPrO8niXQhmlS5cH+ssKT708wjKsDL4CqflvHk60sPGYnx40?=
 =?us-ascii?Q?c5aZoV80WrRnEfZDv1Pkp0giP/DLTtxXDilVG6Xa48otmY7I8WJXtB8OypN2?=
 =?us-ascii?Q?YmNQqXOIOxmEnLh9OwJHADjzrmG4rPSQqtDxr89xD8zmtgxCZM4svn+H+vlC?=
 =?us-ascii?Q?P4fjjjRN2g5JSuSsqUOkKnGV8HVcFTeDXnbkYU6MigVZzVE29U/6McamU2o2?=
 =?us-ascii?Q?U2ZH/nTzzNaQrlrByP+nOawLy+AIfEW84DKYxJcYpjtiKuqF8rLmGFTMf0oz?=
 =?us-ascii?Q?nq6XmdYWYrBAQeQLU9Y0QOYzcdnsyQh76JAPlOJ4BtcHV/JQ=3D=3D?=
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: c9cac624-ffa6-4fda-be71-08d4bcafda62
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(23075)(300000503095)(300135400095)(49563074)(71702078)(300000504095)(300135200095)(300000505095)(300135600095);SRVR:AM4PR44MB1666;
X-Microsoft-Exchange-Diagnostics: 1;AM4PR44MB1666;3:izt5DyFyc5A15/7HTaJJaKbISuEgQHaI0qpSgHl4FFd6b8uzb0AUDEC+OK/d/RUY9eyjGPXGe5t+k+X4kC87mKF9l0J2zCvuzKqLSLGWMZ/Qc95a9KQ5fR+hT08BHSRYK+cnbSfquJgNPt/97HBb1C9LPQkVSBBUyzML90Gw/KyqyisG/y3k3oqWbcB9gCct65ZLAFkpz9nxXCrLAhcMpZWlitkmJ1OVuTnp8PHmYmwzgJ3SQHN9HniNxL/69FAB3iZvQ/tClB43zlM+hRFhwFPkO+s2sRmmJQhkL+RAfmEsuN+L7vjuqt8ggT5tNDoTxAMbkvyeVaRh+tauJMM3eRUyETUJooDWv+nWX4wpBHH2ljiSwhwjU3EPayZ8dFp6Jbz1Ng3F1A3lCztT78k8EIoN+uJDKBwwOfmEVKByDGk4YPBfl03hLFrUirBTki7O6IdCxgsMS4nGEyYHVFFTpuqWIp81S1DjCqKA2TadcEjeC3+fi6EXAwJJA40yw6/XbhiZJqtt7q1sgvpw6+5/q38Aeuiv/rui9CFIXgembPvxLuaw09+ZjkI754ElJ0jlHUaiKL1TgqSuKx5LToUN452Y06YpH4JqGbyYbUrkVlBDC6rhR/dDQVd4Jj2Au9ajabqbU4PvR00N8c26o3pjWWNL9tXFqp28GA8VrgQbq/oh1aCLi9qE33ZrM6mbECGs7gcFPNQYvxIStjoYbiSgoZLEmkMIXY8xMMNgy9CCE7C/WHmxTb1iG2+WsG9cq14FA1/8x7tEXatV8nBuHmsv1w==
X-MS-TrafficTypeDiagnostic: AM4PR44MB1666:
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;AM4PR44MB1666;25:lmziY2+IVvCJxoZmr1WX7EvfdsR3msjBagaSiJLHH?=
 =?us-ascii?Q?FScHNVN8/09nw2A5fy3vFyWH2whHVLr5NvCHoYRayCz43+TFhSSU3emN5bg5?=
 =?us-ascii?Q?eokewhZd6DGX+QmUJ5S/ozOslW9Yx44XDneEsq3i5B89Cyi5VgK8KE0znnwD?=
 =?us-ascii?Q?nOysiAsAPb5UPqLbt51ReOwGeYLRopHhc8SrmtbFoeZ0wsLpe/BuIafrnSzs?=
 =?us-ascii?Q?fFhc7rVnWn4CMleNcXYqHgDPQEntV0D+pE5aH62KfhlqHdSCbzgnbryEG/eW?=
 =?us-ascii?Q?dVa6piks/uRclgegzKWwJ0BdbnlH2GgihfeyBLDSP8xIUaAUBlwE7UCoYmrb?=
 =?us-ascii?Q?TIYXt9djCPUGwHckvBkVg3CI4yhFz57LvCsWsuagDtfqMmpSHpeheflS6Bk7?=
 =?us-ascii?Q?d5HrGqFW14XNeQFLHvsWY9xRKRSxqOtuRG345ghkHGA4/zmDyY5ZXm/ylvD4?=
 =?us-ascii?Q?B928Zm3g13J2RTzk1/uNqsMhpoxK3YJxoo8gF2/epzBGC9gK7PdTOX7kRDpF?=
 =?us-ascii?Q?iIoB+NyIzJJipQAwKiKmXraD2bFb4i/fF/AQ0TM1GrgKwyGErQiLlXAfCBxa?=
 =?us-ascii?Q?BtOQIr1N7vO46TJkSBPwbahW8lWqPIsC/mqmYgyeqNaTd1a6BR3l75Kd/vZE?=
 =?us-ascii?Q?ZV5kSB60VyGm3NIibbpqBx7gHIA5vT+DuPmyaaFKD81B6XAQ5JX8wuSMZrdg?=
 =?us-ascii?Q?8HHS9CAA8lfafPXUo91KERu0uoCwFVXZVZiD7Pmbo5iPHPQxsGyw26ORAVeE?=
 =?us-ascii?Q?izXBVTblDVRuOOdZ+QDN/uL6m6Y5KPSZ26e3gUkZ2EWN65YZZa474bWYNOFK?=
 =?us-ascii?Q?XPE2p7poTMwcni+ukH6Q82rq86RJTPoFF+HCHLpanHDrQ+kxBeST32R/rDqe?=
 =?us-ascii?Q?wkqEz+SaVGIByIexMwdQ9nn88Iy4iU38XyqdYD1BtjI6B0rt2EWzx64syYsd?=
 =?us-ascii?Q?bfuDXB3oAcwlHKTPw2B9N4SKwM1msgGFa+ef+GS+A=3D=3D?=
X-Microsoft-Exchange-Diagnostics: 1;AM4PR44MB1666;31:x8XFhmoOze1JJqqleC4sV9aZK4lnvLX0+p1t7z9hdjkmDKhfHmepIYjyo3zPKzdvNZ6shZUrNqNtSiUyw9gLAmamQRCUWJsZJrX25+xEPVAfwl5W0Ve1vZ1kfyp0GypW8CYbO1xCP4cpC2k/Kwl/wJpuaXysNzGtWWj9wdLiKGdECsNdMvMqtgGw9H+5H7fQNOloHqFLhU4fcCccV/5QWumdpSIeb71ey8fW8umHi8cU2RfA109urdwB1JNKRazWwx6ZVKIDivr4on2zqSs5rAqStKY5RkB3pXhxd2hYZ1/TOXXq11ZIhFIduG9bCd9KFZQXsJWs2s4lrEfuMCfGIP2pydUb2Nq1PDYOvB6K84bhBmjOJF13ipBBucir41IXFJ4lbuEcX8dGPUGV6U8sGh8HWnekeD7lDsTKkzZ4RVUlf1EpQXUvAf8Hp0IyZ0Ovx35NQeQ7tcc2saGCq+qSF932crKeVBcKSca5shkojBuDwj08ssIWXfH05md7y282hqcmRXgi/wvtMfF2xKWoHnz66KCH+OckV1H/j8Rrl1rAMNpQUn0H8cGTl04Yj07n54pWyCuGRK7Uao7pZljGt0UuJz4MZHh3cfMUh4RIwUJ9luFhHbwfbI06XCqJeWykuuPAWf1kpDcFMXGmjS+zf6/tsWekigNTyKythv659ODI8/OrKu7UI1ZqxsHoJ6FteaBSGjdDJCwmBUWM7RS5w6MqWyGfdKmUHrEVaL17p/j6q03jf3igpFuX7s/KxC+TvB8JWfdutXuJtRDbZPYBb0pm2RZGLLHeniKu1l0DaLuoVguKANPX1tTijmZbspJWwOzvR2LMs7Viav1alGNYmw==
X-Microsoft-Exchange-Diagnostics: 1;AM4PR44MB1666;20:WodZTAE7FAvgmbiKWnTm28q7ifReJ+bxovvn3XGUb6J1Bs8EPRax7iLpLTO10T8qbejaJ8sWweVQly0RknEyTqpNNanNGH5Yp3VHuCWu0I1YRwbfwbzFhINh1rfGYZke63YI6CtaQacafpw/6Hf570e/0s5V9vCvr7V4qEYrXioMhzVF819+bHz7bf2ohCptN8Cs6mV8jgpoTfQxq9x9w1UZJYPp04NcBeXUq2I+hMP6wGrLwXHqiPD4shdPj5b8Zwr/FVT5h1GQw9iaNonQjeujEud92lB4lKDENyXskpF1PRwWzasaH7oxTqbBmxyy5Vj1GK/aDJ7z7DjgM9pWu7yAJCMYHGJrktVedJvlBbOZGyvJ8+TbOp+5x474AIU65V9sbrupPQIcNI3kiR/WxuGbSsKED7QsjEl4n55cMauSj8XLeS8nSJ3/N87D8k7Cwq0fIXegY7B+HLzKO1XzhYA1UrDdFSWp5c+94AIeyBCk0dKJ+NRbApZbQz8x0A60
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(102415395)(41303006);SRVR:AM4PR44MB1666;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:AM4PR44MB1666;
X-Microsoft-Exchange-Diagnostics: 1;AM4PR44MB1666;4:WIkIgZ0WNrGX+6pN7RMq+B6LvvDRv3FNVBnNdAZbZ2uxsp6WYe/otLsilxmBUpXQ/q9jXB6eb3cWLNy0v1+QzQGskMD0noTJmKhM5Ln+AjNTTBIwV8kiUskPDeGDBoviJ+VgU6F/t8YCp7rfp9qZb5off7Ps5FyM239fFdux960rTyvccJ1m4e+9CfyHDuBuPxcQIAmvyCnlZCQfq1FArR7abBtP0qQUq04kYJd3jd0xQ4QD2Ij2AE5tuvgmuXLxsw9/rbIyDj/IHfasB9kxsn8FIN8rKFBRFyKkj7sGBShTL9DYHdwAZrkSI30wy9zee6ukeGcqkXBBTtjrd5kqTrYFPxK6QPNY2tja2UdojmOwd7daik0Wwy8GItLj0z2BFy8an7PvUnkBrD7F5WvFbuqFiEmdyX6hsPNj01X+x4ekUI+fbfZSgdYepd+4aDywVQldqeR6wl8cdKdhNsrL2fSmOZn0nTMZcNWIolCzO5M=;23:Ds4ZNwuriSzh9zfS1SSRYMiB91yX7uJv5X0amScPSlCaKfnsVc6ew1OLh0Z6moePNQrt3yDDloXGHFN9c7sxxr+suoezp5JhXxn6gfumuJ+BQ/Q84z5xOIkUR8SoJBtVy5NwQ2NM368sCha1byirKvRTRJDAxv34IeUOsla9yq+knmI1prbj5OsK/apbkdD2
X-Microsoft-Exchange-Diagnostics: 1;AM4PR44MB1666;6:8bFifKttSzD1mUqBEykMrJMjFhRNCZ1AKq0d3CyasCicBwYEcytqSG6662JwhMLe4cZ6ay9Dy1P2p8+8SuHmFRtTnxb5RxCQMk/BSf7HqwpwszL2hnlDM/o5Ng0mztPnHOHSvkDR4GMzLw/bPWLJaEclTEZrOkTm0hu4OsXbmB3SWxT3tABAZy4wvBf0zDak7umCMVzxWqNC9q2nNGsnKKLodQN/mhdp6Uty5MGFTsA1I5SBT5LEOMX5VjmD08ol1A8nVsPmLEaRBf6uTIQVir9cXrxyHm7Gvu0UO7JqkbuGIfTIhAIjnJqsxcn9V6ARlvxq2gvykp/WtZd7i73TWJI+OjPflSAKn0I9KIUiOhM9Rvq7/m+vJIXMh5Ok7EBB2jI7hXeIYRBLC04Vg+2UuOty10Ov3RzJXLESPTm49trBCdzSpRD7gYQhvQSrEG7bwloVNVAQehgs6T3f6wx8PuonSLgP7nH7T8hEjwupwTmcy3Xh+e2rw0lK2uma88PFlCkcWEoZNRbl/ummraxWvx7IhrWJl2PhpZsg5nIUFhQswWsYhS/RYn3m82GvpITlab2QgxB4JRqJA+TiL9pGHoe98D+9PQhv9AaGCijq04uEgPmh9pSEemOHgU4yY65YIeTjYTnasj7hVwg0SQLfGbby4C3jmuTBpqKm2IRtAOtKdfRqBAitBZvqHkEvVTHoMlz88Q96DLdIg9eiSO3MqNnCf8mD/Sol+WqdBx/d864w2y4+Z5WILYQT+1CBZUOfWhDbOM1mI3QSyNloBP+cN7AQviAPBukvWleDxOySYM2L+D+ipKMI5oxrbijx4Z0b3DGuJGaz3mjreIT8dqiuyEdVN8sgs1OcX+BETvV6OZig8YtXrD6OXZnfU2xXBK9CTSaSSUlkI5UOkMV0qKnuO5NkF1w1VGlG3FzAweNyPOA=
X-Microsoft-Exchange-Diagnostics: 1;AM4PR44MB1666;5:g7jV8utccSW0QQoROVbq1dCJsZx8DWjbGUUykU25ONvGyaa2UXlERHUe1DZln2UsfQ5UMi2QyajpXxmpS3DUEl6a/ymk8MWTbWz3ZUT9tHH2cw1Y+ndrjQdt7CHxOl9TYxewKRdwNpCOYrh9JzIxktvWV/SS2/jc9heyPLWqIc0gJY3/jb1pmaxoWQzxWIkEEeshjM4XVLV37Z2AUWmclwJBY/h0DPKxumELN5Fmz87bOzmuRZnCAmvS5WH897clo82skg+zF85dN2O7TcxeKS2jUQMP+Dbne64979YQM3l6fy/GeIdWCJWoSpyFU6SzMdj5mCjUPm7v/UBfugHkQTrsoQN332WHsb/8QA7mHXEJQtS2rSM17W5miuwF4tGuaS0jbRdeR8A1a5ZIjV6WeHa0fKRTd0fWZOcvzGYH7RMUkdgxSqYPYLeBORECVLcZjQd2cZxORj2FKlJvOCizokCXM4C68LlCKUKTVdczL5RyN+vHLbL2SO2by+3iPgXk;24:WHkk01I0gnvGSGbsvCqNzNseb68HokWoJUuSswC8fga7MwN7FJSET7tiOKf4r29aVngPm38PS/zMOuvELv5NUWdkpiBnXhClqYaMaVDihKQ=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: SKN
X-Microsoft-Exchange-Diagnostics: 1;AM4PR44MB1666;7:IdspAtP0i7Kfs/rVVLHbayhhyObg5zLU3pUXhazzSFpmWuOg7lPj9PL2RhvGOz1JUctOQVED8fDGVKsRPZpuLkC1o5wrJoy6OoA8ecPUZEaCIdvODZQTHFoV6jC9gLKvhs292VG6pH/Cgs3iO5mru2LHNM3EFs9vkMaozQT1MvFZyx4dnO2OTqXf8mlQGt1ATe4HXQ4Id/jiX1n4w3pX+4rloeinvzrGizfZRC4JJhX4LCXeDB4PwBs7EP2LdrRzmnTdDpIEmTyuLbG/8nI/uyHxO5JNxGOx4q3uUyyK4KRJOSjbxquYAlYnXt/9UFu+0KUkWZYauyudrHmj6VBdBNNMDDY1oYmg8aQHOEV4Exv/9P4Pi9+V4c9UQMgQal+ez4R66sJKRlaITvCSq6GHAeagC6mU4PmFndRGeNO3cwyiHl0bNyokLp3O8kmm5GgJdtKx2xGjvniq5ilxyaAllcAa1xxC49Alxt3wHk5MDcmI6qPIqm0TqF2528vPiz7yA+zY2RoSXBuyFCTVMJQOAmxcyMnoQsDhJM974isPa40bSEMW684JXUBrhDdFEnrRTFP3j/LVcfhady3V5MINLupYH6q5l2CEeAsybMWFJBO6wxIMXlTevhovFyVzfANU8ysds7LowKGtA7Yi5ENdUBpy2EppUe6iRGK9/9CR5x1Ju/lAweBIy4KN7CiBzb//0f+u2MbuemRAYqx6EAPmhPjg7r4M7WjKEeK87uoAIlwZRKHjpeZo54SrHcicCYcwhN1BH7DNL3YibFrKyiSiKZAqhSUHRWtoyomNM//QKPEcXscNOTSK28myhbnYhs2UgVYiYzlZrIriki1zjhuvpuXxrzC/s8NhJmVRa3VXBpw=
X-Microsoft-Exchange-Diagnostics: 1;AM4PR44MB1666;20:zXO8lpFJKYvLYPUtTn5OKKV6HtayCLtKzT2Uq386Ad9i15pFJ2Wg2BxGkSbWU9cXyjbGZ3cUZW7ZGMRuCP0McQY1kzMQkODRcA6jO4hQ8hN/ycnxMml4pJf6ULXWcrNc86Q7p457upNKOua6cSMW0Rp2U5cYV40CesSSDv1uOTFa/6MoIudBapAp7mDFWPxQkBzWgLN6besgGraPEF/OXe+8A+krdLgX7cyRA9OUzjPIgq5a/XPRZHWg97ndofS+
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jun 2017 16:24:43.1223
 (UTC)
X-MS-Exchange-CrossTenant-Id: 396b38cc-aa65-492b-bb0e-3d94ed25a97b
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR44MB1666
X-MS-Exchange-Organization-AuthSource: AM5ETR02FT524.eop-EUR02.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.4335628
X-Microsoft-Antispam-Mailbox-Delivery:
    ex:0;auth:0;dest:I;ENG:(400001000128)(400125000095)(520000050)(520011016)(750028)(400001001223)(400125100095)(61617095)(400001002128)(400125200095);
X-Microsoft-Exchange-Diagnostics:
    1;VI1PR04MB1679;9:nAE543Rl+wZ9GK3tKSq6QDf+ODRG3DxA8Xqq4cW5BPQOXu8hihJiksBGWwSHVBnWHUUWLhVTKsCRCuHCENgKQK4B5GA1snQEeHJz/Pdj6tMOgrXs1SzG1WS8gq15LrN657EYup2n+Aawcx0l9wDIbRZPQJc/t8l5Zh5/2sHykVeHmxyvee69at0/RS6pMhlsgPuKX5Z7jAgRPqcwh/nTBLo3aBYdSI8VANjJGECYck4oODSVStF3hHCw2CNv8XmnVYXbucAdNeJ6CA5HHseKnUYDTnTjCx9smFA13dkDJ9vzBV8DR/vGonI1MojQSFE8eXzhLjGBXX9BHyW5CCuYsgEL8DIIzHawgHyN4zccVuNytqHUjTAI52rnvDzP4rgtqli3o8uWikUKwQ/wnaKmQwaHnl9ZXZ1prb7Prz83HKLLM4sdNfLKGXbOXrNg2mry0qzC7y8Pkt7Dtdzb1I4mRSBq6FblNERsOxm7Eb6vmOGq9RgepkEgXSW6VUNVkiS8UnJCqMaky01rEw4/3jsTZO1Nm2PbSb76tp1TJyxHFSTzcVMfcXFm30VVeGObcBQC/AOZq2uf7ZAo71J8jVmcML0CC12GHOa+b45zUshx5MNUR0JU0wLeoFCwN6dkf9uZ41FdxHfRg5yvazXPzvVOhHqtYQ2P9j5SlG4Dd+f06W5nmdTFuGxJSvEuEf9VNAAEpmhrC7dUgZRappXOe+Ji1CTTFo3kXe0PrtYAubtGVuQAxiMyg84uLvgBICtYt5nRxztlhmp628IAbaZ2exyTOj4Yj8hpNrLn8UUL8bd3wcER78fBBKaFXq3tnf2Mwg/I
X-Microsoft-Exchange-Diagnostics:
    1;VI1PR04MB1679;27:spq9x+j0o08PPPi1Lhd0OTBgYAAJL2KEc6hkT7MxJL3A5fFDSdNqcI06s+94PfUoYCR0bCE1qIQktUbQMf/h7siX2v8nG1fIwsRHwHP/DAbqDIaZQoyBE9/aI/52iIGS3rlE7FBKERu1A4isCEBf+A==
    
posta Dark Hippo 27.06.2017 - 10:29
fonte

1 risposta

1

Basato sull'analisi dell'intestazione della posta mostrata e delle informazioni fornite:

  • L'intestazione iniziale ricevuta (in basso) mostra da quale indirizzo IP questa posta è stata inviata in primo luogo. Secondo la tua posta, l'indirizzo IP nell'intestazione (offuscato) è di proprietà della tua azienda. Mentre l'intestazione potrebbe essere falsificata, ne dubito perché tutte le intestazioni ricevute sono tipiche di outlook.com.
  • I risultati SPF mostrano un errore, ovvero non era previsto che qualcuno nel dominio del mittente acclamato inviasse la posta da questo indirizzo IP. Ciò rende molto probabile che il mittente sia stato falsificato.

Questo insieme significa che è probabile che i messaggi con un mittente falsificato vengano inviati da indirizzi IP di proprietà della tua azienda. Questo potrebbe essere fatto intenzionalmente come controllo di sicurezza da parte della vostra azienda come si presuppone. In caso contrario, potrebbe essere causato da un sistema infetto all'interno dell'azienda (ad esempio parte della botnet di spamming) che è probabilmente peggio.

    
risposta data 27.06.2017 - 11:40
fonte

Leggi altre domande sui tag

Servizio di hosting di posta elettronica protetto per uno studio legale [chiuso] Buon tempo di timeout della connessione TCP predefinito