SPF Handling for subdomains

Discussions on webmail and the Professional version.
Post Reply
dbacher
Posts: 4
Joined: Fri Dec 07, 2012 12:49 am

SPF Handling for subdomains

Post by dbacher »

Intuit specifies this SPF for intuit.com:
v=spf1 include:servers.mcsv.net include:_spf.salesforce.com include:_spf1.intuit.com include:_spf.centercode.com ip4:208.74.204.0/22 ip4:69.20.83.154 ip4:166.78.224.177 ip4:96.43.144.65/28 ip4:96.43.148.65/28 ip4:96.43.151.70/28 -all

I received these headers in a Phishing email:

Code: Select all

Received-SPF: none (battlebazaar.net: o3.e.notification.intuit.com does not designate permitted sender hosts)
Received: from 93-56-16-241.ip287.fastwebnet.it ([93.56.16.241]) by battlebazaar.net with
 MailEnable ESMTP; Wed, 21 Oct 2020 06:21:34 -0400
Received: from [56.76.211.197] (helo=PEVUKOV.BYLAZUS.eps)
	by 93-56-16-241.ip287.fastwebnet.it with ESMTPA 
	id 2F85FD742F
	for xxxx; Wed, 21 Oct 2020 11:21:33 +0100
To: xxxx
Subject: [SPAM ASSASSIN]Invoice 89938
Message-ID: <e5eaa22189d62b05b5.67cb7d8c@o3.e.notification.intuit.com>
Date: Wed, 21 Oct 2020 11:21:33 +0100
From: "\"Intuit E-Commerce Service\"" <quickbooks@notification.intuit.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="--_msm/4yMEhsUvWX3x1Jfe"
X-ME-CountryOrigin: IT
X-RBL-Result: Generic, Fail
X-ME-Content: Deliver-To=Junk
X-ME-Spam: High (1030)
Return-Path: <foolscap6@o3.e.notification.intuit.com>
So it looks to me like this should have found the SPF record and rejected the message, unless I'm missing something. I'm on 10.30, will install 10.31 - but won't know if it impacts unless the phisher sends another one.

Post Reply