New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Did Aruba DKIM-sign a Bitcoin hoax spam email?
sundaymouse
Member
Received: from smtpcmd01221.aruba.it (smtpcmd01221.aruba.it. [62.149.158.221])
by mx.google.com with ESMTPS id y68-v6si1666567yaa.169.2018.11.15.18.35.13
for <[[email protected]]>
(version=TLS1 cipher=AES128-SHA bits=128/128);
Thu, 15 Nov 2018 18:35:14 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning [[email protected]] does not designate 62.149.158.221 as permitted sender) client-ip=62.149.158.221;
Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=a1 header.b=anQwxL6G;
spf=softfail (google.com: domain of transitioning [[email protected]] does not designate 62.149.158.221 as permitted sender) smtp.mailfrom=[[email protected]]
Received: from Detective67320 ([185.142.22.173]) by smtpcmd01.ad.aruba.it with bizsmtp id 0Sb91z00W3k494x01SbCVN; Fri, 16 Nov 2018 03:35:13 +0100
Content-Type: multipart/alternative; boundary="wt0RWgKnY4yYVt2JZiZfVZ1HPHLiPcaGNAqch0lkVEgBW9zeIIbXcT7xiaPPRt"
MIME-Version: 1.0
Date: Fri, 16 Nov 2018 02:35:11 -0000
From: [[email protected]]
To: [[email protected]]
Subject: Security Alert!
Message-ID: <[email protected]>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aruba.it; s=a1; t=1542335713; bh=7P47ajvarB4zwDn5GO4dLTVwSKG4lG0sNBNnm/5s3lU=; h=Content-Type:MIME-Version:Date:From:To:Subject; b=anQwxL6GGWNPs63axNSa7LNP0jP4HRT2frKVhEkZVBoLsmv4ho6bPglUo5BpP6ArT
Xy5Qam9WkCei2KJdcGFcdf6XATf84S4kB+Svm7EKCzA86hBaUfc18PGIVxEqatTb7x
TDg3hgvsdUvdl5K1IcZAicsJWtF/C4hsBiTNz5z1rOXyrGxCJGsNUGgWueC7IJelyR
Z/2R7hmNE0U587QRNxzxeRkIK68urNCVyO2VIgu6NRz3R4MO7BccqB1YR7IhAsM13n
oXzbhhU/o8+xfLwzjPLWEsOKmpm+QYhs96aOXc6lDiFiBJmkQ5q3I6v9Lc/pLRZ/ls
+5QWcJGk1HeUQ==
Bitcoin threat scam emails with leaked passwords are floating around these days. This one went into my GApps spam folder as usual, because of failing SPF. DKIM is however curiously a pass, but not signed by a domain considered as a trusted origin of my domain by Google, so did not affect Google's judgement.
I don't know this very much, so would like some help reading this here: why would aruba.it have signed it on selector a1?
Doesn't look like an open relay to me
telnet smtpcmd01221.aruba.it 25
Trying 62.149.158.221...
Connected to smtpcmd01221.aruba.it.
Escape character is '^]'.
220 smtpcmd01.ad.aruba.it bizsmtp ESMTP server ready
helo me
250 smtpcmd01.ad.aruba.it hello [xx.xx.xx.xx], pleased to meet you
mail from: [[email protected]]
550 5.1.0 1Bqb1z00B5TepDV01BqlG2 authentication failed
Connection closed by foreign host.
Comments
why can't you email aruba? aruba.it offers alot of services including email.
Not sure which of the two above are shitposts.
Not sure if this is serious or just a troll.
Mines.
this is they shared hosting, someoen on shared hosting just spam
Sent by script from hosting and PHPs mail() function.
Ah, that makes a lot more sense. Thanks.
LET sassy as usual.