Did Aruba DKIM-sign a Bitcoin hoax spam email?

sundaymouse Member
edited November 2018 in Help
Received: from smtpcmd01221.aruba.it (smtpcmd01221.aruba.it. [62.149.158.221])
        by mx.google.com with ESMTPS id y68-v6si1666567yaa.169.2018.11.15.18.35.13
        for <[[email protected]]>
        (version=TLS1 cipher=AES128-SHA bits=128/128);
        Thu, 15 Nov 2018 18:35:14 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning [[email protected]] does not designate 62.149.158.221 as permitted sender) client-ip=62.149.158.221;
Authentication-Results: mx.google.com;
    dkim=pass [email protected] header.s=a1 header.b=anQwxL6G;
    spf=softfail (google.com: domain of transitioning [[email protected]] does not designate 62.149.158.221 as permitted sender) smtp.mailfrom=[[email protected]]
Received: from Detective67320 ([185.142.22.173]) by smtpcmd01.ad.aruba.it with bizsmtp id 0Sb91z00W3k494x01SbCVN; Fri, 16 Nov 2018 03:35:13 +0100
Content-Type: multipart/alternative; boundary="wt0RWgKnY4yYVt2JZiZfVZ1HPHLiPcaGNAqch0lkVEgBW9zeIIbXcT7xiaPPRt"
MIME-Version: 1.0
Date: Fri, 16 Nov 2018 02:35:11 -0000
From: [[email protected]]
To: [[email protected]]
Subject: Security Alert!
Message-ID: <[email protected]>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aruba.it; s=a1; t=1542335713; bh=7P47ajvarB4zwDn5GO4dLTVwSKG4lG0sNBNnm/5s3lU=; h=Content-Type:MIME-Version:Date:From:To:Subject; b=anQwxL6GGWNPs63axNSa7LNP0jP4HRT2frKVhEkZVBoLsmv4ho6bPglUo5BpP6ArT
    Xy5Qam9WkCei2KJdcGFcdf6XATf84S4kB+Svm7EKCzA86hBaUfc18PGIVxEqatTb7x
    TDg3hgvsdUvdl5K1IcZAicsJWtF/C4hsBiTNz5z1rOXyrGxCJGsNUGgWueC7IJelyR
    Z/2R7hmNE0U587QRNxzxeRkIK68urNCVyO2VIgu6NRz3R4MO7BccqB1YR7IhAsM13n
    oXzbhhU/o8+xfLwzjPLWEsOKmpm+QYhs96aOXc6lDiFiBJmkQ5q3I6v9Lc/pLRZ/ls
    +5QWcJGk1HeUQ==

Bitcoin threat scam emails with leaked passwords are floating around these days. This one went into my GApps spam folder as usual, because of failing SPF. DKIM, however, is curiously a pass, but the message is not signed by a domain that Google considers a trusted origin for my domain, so it did not affect Google's judgement.

I don't know this very well, so I would like some help reading this: why would aruba.it have signed it with selector a1?

Doesn't look like an open relay to me

telnet smtpcmd01221.aruba.it 25
Trying 62.149.158.221...
Connected to smtpcmd01221.aruba.it.
Escape character is '^]'.
220 smtpcmd01.ad.aruba.it bizsmtp ESMTP server ready
helo me
250 smtpcmd01.ad.aruba.it hello [xx.xx.xx.xx], pleased to meet you
mail from: [[email protected]]
550 5.1.0 1Bqb1z00B5TepDV01BqlG2 authentication failed
Connection closed by foreign host.
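
The situation described in the post (a DKIM pass whose signing domain is unrelated to the From: domain, alongside an SPF softfail) can be checked mechanically with a DMARC-style alignment test. This is an added example, not part of the original post: the headers are constructed, `example.org` stands in for the redacted From: domain, `header.d=` is assumed for the signing domain, and `org_domain` is a hypothetical helper that approximates the organizational domain without the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the post's headers; example.org stands in for
# the redacted From: domain, and header.d= is used for the signing domain.
SAMPLE = """\
Authentication-Results: mx.google.com;
    dkim=pass header.d=aruba.it header.s=a1 header.b=anQwxL6G;
    spf=softfail smtp.mailfrom=user@example.org
From: user@example.org
To: user@example.org
Subject: Security Alert!

body
"""

def org_domain(domain):
    # Simplification (assumption): last two labels. Real DMARC evaluation uses
    # the Public Suffix List, which matters for suffixes such as co.uk.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def evaluate(raw, trusted_authserv="mx.google.com"):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Unfold the header; use it only if our own receiver wrote it, because a
    # sender can insert a forged Authentication-Results header.
    ar = " ".join((msg.get("Authentication-Results") or "").split())
    if ar.split(";")[0].strip() != trusted_authserv:
        ar = ""
    dkim = re.findall(r"dkim=(\w+)[^;]*?header\.d=([\w.-]+)", ar)
    spf = re.search(r"spf=(\w+)[^;]*?smtp\.mailfrom=(?:[^@\s;]*@)?([\w.-]+)", ar)
    same_org = lambda d: org_domain(d) == org_domain(from_domain)
    dkim_ok = any(res == "pass" and same_org(d) for res, d in dkim)
    spf_ok = bool(spf) and spf.group(1) == "pass" and same_org(spf.group(2))
    return {
        "from_domain": from_domain,
        "dkim": dkim,                      # every (result, signing domain) pair
        "dkim_aligned_pass": dkim_ok,
        "spf_aligned_pass": spf_ok,
        "dmarc_style_pass": dkim_ok or spf_ok,
    }

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

A DKIM pass only shows that the domain in `d=` signed the listed headers and body; it counts toward the From: domain only when the two domains align.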
