    They had registered the domain amexmessages.com, which is surprisingly legitimate looking. The email had a valid SPF header, and got a pass from the antivirus scanner (the X-IronPort-AV header).

    Not a main point of the article, but this is a great example of why SPF doesn’t really do anything to fight spam… it just requires spammers to register a plausible-looking domain name.

      Is it possible to send this kind of result to a cyber crime police division to see if maybe they can continue the investigation?