It's being sent from mailxxxxxx.megamailservers.com, where xxxxx is changing. The whole IP range (69.49.96.0/19) is allocated to Internet Names For Business Inc. from CA, USA.

I have already reported this to the abuse contact associated with this IP range.

--

Kind regards,

David Brůha

Virtis s.r.o.

U Boroviček 255/8

Praha 6, 163 00

e-mail: d.bruha@virtis.cz

Dne středa 9. října 2024 18:01:23 CEST, Tobias Fiebig via members-discuss napsal(a):

> Moin,

>

> > I have attached the email, I didn’t click on it.

>

>

> I would like to raise some attention to the nicely placed yellow 

> checkmark next to TLS, under the point 'Security'; This is likely

> there because the delivering MTA submitted with STARTTLS.

>

> I would bet that some phishing mail with S/MIME from an attacker 

> controlled domain, or possibly even just DKIM alignment might net 

> this a green version.

>

> What webinterface is this? Outlook/M365? Gmail workspaces?

>

> In any case, whoever designed this, clearly seems to have a heart

> for making phishing easier.

>

> With best regards,

> Tobias

> -----

> To unsubscribe from this mailing list or change your subscription options,

> please visit:

> https://mailman.ripe.net/mailman3/lists/members-discuss.ripe.net/ As we

> have migrated to Mailman 3, you will need to create an account with the

> email matching your subscription before you can change your settings. More

> details at: https://www.ripe.net/membership/mail/mailman-3-migration/