perlorg / www.pm.org

Perl Mongers Website
http://www.pm.org

Paypal phishing spam received at a list-owner at pm.org (FYI) #200

Closed n1vux closed 5 days ago

n1vux commented 2 weeks ago

FYI, boston-pm-owner@pm.org and thus I received PayPal phishing spam.

Unclear to me if the "pass" results accepting it as Paypal authentic despite coming from outlook.com and having been forwarded by a prior gateway before pm.org, or if double relaying caused forged headers to be accepted, or if there's a larger failure in email protections. Fascinating.

PHISHING-PAYPAL-SPAM-001.eml.txt

jhannah commented 1 week ago

Sorry, I don't know anything about our spam filters. @rspier might be able to comment.

rspier commented 5 days ago

This is an example of a recent class of spam that originates with Paypal, bounces through a relay, and into (hopefully) our spam filters.

Paypal's SPF configuration is set to soft fail, which should have resulted in Microsoft filtering it, but they didn't.

The reality is some spam is going to get past our filters. We're going to make some changes if time permits which hopefully will help reduce the amount that gets through. Not sure we can do much about this one right now.

Thanks for letting us know about it.

It's hard to block because it is nearly identical