Moin Community,
das Phising scheint wohl auch auf andere Art weiterzugehen.
Message headers:
Code
Return-Path: <725caff5@polifitness.it>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mx2e30.netcup.net
X-Spam-Level:
X-Spam-Status: No, score=0.5 required=7.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,DKIM_VALID_EF,FROM_STARTS_WITH_NUMS,HTML_MESSAGE,
SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no
autolearn_force=no version=3.4.2
X-Original-To: mail@MEINEDOMAIN
Delivered-To: mail@MEINEDOMAIN
Received: from polifitness.it (polifitness.it [88.198.12.114])
by mx2e30.netcup.net (Postfix) with ESMTPS id C4080160578
for <mail@MEINEDOMAIN>; Wed, 19 Apr 2023 06:44:40 +0200 (CEST)
Authentication-Results: mx2e30;
dkim=pass header.d=polifitness.it;
spf=pass (sender IP is 88.198.12.114) smtp.mailfrom=725caff5@polifitness.it smtp.helo=polifitness.it
Received-SPF: pass (mx2e30: domain of polifitness.it designates 88.198.12.114 as permitted sender) client-ip=88.198.12.114; envelope-from=725caff5@polifitness.it; helo=polifitness.it;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mail1; d=polifitness.it;
h=Date:To:From:Subject:Message-ID:List-Unsubscribe:MIME-Version:Content-Type:
Content-Transfer-Encoding;
bh=9iBVRpFjBJ1Z2U1v0SiaeD7jUm0zo40+YejOrm2IQLM=;
b=fIR/LDlmt4uum/ty8lt51qWo+p8pt500gL6qz7lBKvYLhg+TGROpS/zma0PIn1eGTiTEMPqY4azG
yPWMds/ZEBEE4rzHkd2lCEghwgn//ECd3b/3wnEGl9IJF8vLo14uxOCvYxi7a6imFym7Q6JVt02R
uZ46sHO2BwhSkXgoldg=
Date: Tue, 18 Apr 2023 23:41:54 -0500
To: mail@MEINEDOMAIN
From: Netcup <725caff5@polifitness.it>
Subject: Deine Domain MEINEDOMAIN wurde deaktiviert
Message-ID: <9179df892fba7765faaaae235734ae92@polifitness.it>
List-Unsubscribe: mailto:bounce666-3RpMEF5u0BmbeWv@polifitness.it?subject=list-unsubscribe
X-Campaign-ID: 6696166
X-mailer: Microsoft Mail version 6.7.0
Precedence: Bulk
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="1582899317e251c4803b77b7de6aed304"
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: C4080160578
X-Spamd-Result: default: False [-3.01 / 15.00];
BAYES_HAM(-5.50)[99.99%];
PHISHING(2.00)[netcup.eu->giourosbikes.gr];
URI_COUNT_ODD(1.00)[5];
XM_CASE(0.50)[];
DMARC_POLICY_ALLOW(-0.50)[polifitness.it,reject];
R_SPF_ALLOW(-0.20)[+a:c];
R_DKIM_ALLOW(-0.20)[polifitness.it:s=mail1];
MIME_GOOD(-0.10)[multipart/alternative,text/plain];
HAS_LIST_UNSUB(-0.01)[];
MIME_TRACE(0.00)[0:+,1:+,2:~];
ASN(0.00)[asn:24940, ipnet:88.198.0.0/16, country:DE];
FROM_EQ_ENVFROM(0.00)[];
MID_RHS_MATCH_FROM(0.00)[];
RCVD_COUNT_ZERO(0.00)[0];
DKIM_TRACE(0.00)[polifitness.it:+];
RCPT_COUNT_ONE(0.00)[1];
TO_MATCH_ENVRCPT_ALL(0.00)[];
FROM_HAS_DN(0.00)[];
TO_DN_NONE(0.00)[];
PRECEDENCE_BULK(0.00)[];
ARC_NA(0.00)[]
X-Rspamd-Server: rspamd-worker-8404
X-MORS-Enabled: yes
X-MORS-DOMAIN: MEINEDOMAIN
X-MORS-HOSTING: hostingXXXXX
X-MORS-USER: hostingXXXXXDer admin.netcup.eu link im Body führt natürlich zu einer anderen Domain
Code
725caff5.giourosbikes.gr/?id=MEINEDOMAINModerators gibt es eine Offizielle Stelle bei euch wo man sowas melden kann?
EDIT: Die Mail flattert alle 30 min mit einer anderen alias Mail bei mir ein.
