hi, received this spoofed email but tried using mailMeta, it did not give much info on this spoofed email.

mail.txt

Return-Path: [email protected]

Delivered-To: [email protected]

Received: from herod.dnsvine.com

by herod.dnsvine.com with LMTP

id gA5JCtpa7mFxeQ4AYzko9Q

(envelope-from <[email protected]>)

for <[email protected]>; Mon, 24 Jan 2022 15:52:58 +0800

Return-path: [email protected]

Envelope-to: [email protected]

Delivery-date: Mon, 24 Jan 2022 15:52:58 +0800

Received: from mail-eopbgr1300103.outbound.protection.outlook.com ([40.107.130.103]:14955 helo=APC01-HK2-obe.outbound.protection.outlook.com)

by herod.dnsvine.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.94.2)

(envelope-from <[email protected]>)

id 1nBu9e-003ylP-F1; Mon, 24 Jan 2022 15:52:53 +0800

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=JYIbzZAHAleksvQ0oRj5+CaWTupFy3jvMS4M8IAVSyep4qdUTysei6HYYrdRnlR4LAeTgkb0ySMDXIFrTAPLxuC4wRFLhoI8j+Q1HZg6eqrvojGG5BkGNnYraRLeJfAypf4UftcsXxnjDSzfkOkI0Z3VJpqMR3hh6wph4rczg8HoyEjjfTn6ofe8bASM+NIObFHihFK0QXsy5WKkPIxSuQUo231VbycMtwgNqCLyzSHU/TmdOQL+1mePG1wHyuor6EJXX23i4kdGoy82DrLc4ZeClCZpdQBR8N5LsAvmXH01unN8zY6AjYHTTbed6fK2WqH2LWn7jz1u9hqaYFoTHQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=pj1BvmZvSopomFS5uE7XvJZ1WgKbJ43tIkqpjqwRB9U=;

b=P0LpIS4skVuWmFbtgnX4eFXuj2MZ4LMgtxjY2aO2UiYNFJj2zbBetvXcUUAO9I8zcYlVONjqbTr15tdSi3dWi/HM2oE9AZ4MlcDTH9+6rMvwvwchVRCp5jM4BimUCmgqoLVvjjU+LaB5cprHL+9VjMWv5uLIOQCsDdYjU1MGUUI+heIGDzcrgCsXOSnjLcDOQzQilxagpTJE2f4fQS672YiNmrn7BspCVEVummsC6Pr6sfTi0NhOKQ7uQq6K8Y+ZgYPV1HXtqRH0w527VUJRALD3Stpoibh0rxP3eziCeXyIVhlxwCKL6ccY4BMw916g/WFbI8w1BHrSaNSZPMwDaw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=travel.onmicrosoft.com;

s=selector2-travel-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=pj1BvmZvSopomFS5uE7XvJZ1WgKbJ43tIkqpjqwRB9U=;

b=qzjZ7fIvq737g1o/kr8dtQV7Ruzb1lS1bDMd4CsF2KPeKci43zsmN2hsw/xMuDdTwhvxZPZxsIXn0szbDtpUX2uG/jI7/X4MCf8iZwxUHLDwo5BMViaIWzK+tfm+ZB+/uQJ2jetSMECu9pCuZK5Jj5AMiK4Zer6cRsUHlyfAT1k=

Received: from KL1PR03MB4935.apcprd03.prod.outlook.com (2603:1096:820:1c::23)

by HK0PR03MB3074.apcprd03.prod.outlook.com (2603:1096:203:4e::19) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4930.6; Mon, 24 Jan

2022 07:52:31 +0000

Received: from KL1PR03MB4935.apcprd03.prod.outlook.com

([fe80::6147:e8df:b5a6:6cb3]) by KL1PR03MB4935.apcprd03.prod.outlook.com

([fe80::6147:e8df:b5a6:6cb3%3]) with mapi id 15.20.4930.014; Mon, 24 Jan 2022

07:52:30 +0000

From: Frederick Teng [email protected]

Subject:

=?utf-8?B?Rlc6IEpIIFllZSAmIENvIOKAk3x8IFJFOiBQUk9KRUsgTE9KSSBNRU5DVUNJ?=

=?utf-8?B?IFBBU0lSIFNJTElLQSBESSBUQVBBSyBBVEFTIFNFQkFIQUdJQU4gS0FXQVNB?=

=?utf-8?B?TiBUQU5BSCBESSBMT1QgNDI0NSwgS0FXQVNBTiBCVUtJVCBTQUdBLCBQRU5H?=

=?utf-8?B?RVJBTkcgU0VMVUFTIDgwIEVLQVIgKOKAnFByb2playB0ZXJzZWJ1dOKAnSk=?=

Thread-Topic:

=?utf-8?B?Rlc6IEpIIFllZSAmIENvIOKAk3x8IFJFOiBQUk9KRUsgTE9KSSBNRU5DVUNJ?=

=?utf-8?B?IFBBU0lSIFNJTElLQSBESSBUQVBBSyBBVEFTIFNFQkFIQUdJQU4gS0FXQVNB?=

=?utf-8?B?TiBUQU5BSCBESSBMT1QgNDI0NSwgS0FXQVNBTiBCVUtJVCBTQUdBLCBQRU5H?=

=?utf-8?B?RVJBTkcgU0VMVUFTIDgwIEVLQVIgKOKAnFByb2playB0ZXJzZWJ1dOKAnSk=?=

Thread-Index: AdgH/hsPqCsgvw1rSi+pvzRPVZgXEw==

Date: Mon, 24 Jan 2022 07:52:29 +0000

Message-ID:

KL1PR03MB493530C5120256BA382CE231AD5E9@KL1PR03MB4935.apcprd03.prod.outlook.com

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach: yes

X-MS-TNEF-Correlator:

authentication-results: dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=travel.com;

x-ms-publictraffictype: Email

x-ms-office365-filtering-correlation-id: 88c0e8cb-2116-4689-0ebc-08d9df0e7966

x-ms-traffictypediagnostic: HK0PR03MB3074:EE_

x-ld-processed: 9606303e-7a90-4753-aea9-1ec019ee766c,ExtAddr

x-microsoft-antispam-prvs:

HK0PR03MB3074311A5DB82CA3EA3952E3AD5E9@HK0PR03MB3074.apcprd03.prod.outlook.com

x-ms-oob-tlc-oobclassifiers: OLM:4125;

x-ms-exchange-senderadcheck: 1

x-ms-exchange-antispam-relay: 0

x-microsoft-antispam: BCL:0;

x-microsoft-antispam-message-info:

MCcRhZEgzzMfYOPOa+GQFCYuDMSocJm7RbyfPXDELPFJZ12hQHUBl9yJGUP6nXlvqhPAdE7P9+8WSl9KOFAewg29zNFTv49GK3Wr+UUJeOSTyjni9jJkw2Rq0DSnDsur5jBs4Z8kwxIa9rfkch2CWpGixvycpzG6qtWg4oztWxg5dgTlhC2dNJKBMgLvmvP/bSfzGwjatKZbUeQavOctUN2Z/vQ83sXH9+/+jJghof+iqfrQ5fSgrm9dSDwhEkmvIw9xa/w/RyxNJSPRtaCAx6+hBU9gfGoda//BVsgYEtklLN5HWUKIhIV84f9p9SMlw4I6NnKTl9zBHXO9JCrqT90rFl3SJQ6C8ZX8Vgzf/DZZWOhF8+5PHLinzuEpr2LChc/WkZhUpbsNi3XIVkjavbSk++Qit5eOFjKfI92ECAwPQwzPrvuHrK7/zfurLN8jT3ryW9dtcqxQ2gydfXw7V/2/YMpv8IZGDiaMc2Qw7fTtcJi0uHrQfWiw092VD9lOiiiSdnrMYLUNM1RiILtYqEWzC3SXOjvWBqbq+CYChMQGaouYRz3uJvnW2XjgsfmZ9A2r0/6BeuXaidQ1AqXjnJoroAj4x3wTiEkNBDVdZ9BhD/8dshZsRx3tuRMCxCLcdXzGkJfqIj++JKEmf51Jyif4YBzdT6xRtBB5+eojYOuhATNdYNsnxe9GlkSj5MAA5mzQ2YNZZW4cCa2NpRMEu0vobaUvr13FbaoU/uxlE86AhlUDOi3y6LCTp4LCSjCbom7mUWtDUSLLdC8WeZ+rhQ==

x-forefront-antispam-report:

CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:KL1PR03MB4935.apcprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(316002)(2906002)(7366002)(7406005)(55016003)(7336002)(5660300002)(33656002)(86362001)(7276002)(7416002)(109986005)(71200400001)(66476007)(166002)(76116006)(122000001)(64756008)(99936003)(38070700005)(52536014)(66556008)(8936002)(66446008)(26005)(38100700002)(6506007)(9686003)(508600001)(7696005)(66946007)(186003)(65686005)(83380400001)(219773003)(20210929001);DIR:OUT;SFP:1102;

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?utf-8?B?dXVPWXlkTlZDS3FQeU04WnUxb1dPSGdxV0g3N1F0ajAzN3FuNWZjaUROcW12?=

=?utf-8?B?Z1pkaGVDc0xrMUhZSStJcUQ0elQ5eXVuRDRSaWtjdkloTWphT283dFFYejlq?=

=?utf-8?B?aUl6U0dtaW9xV1l4UG5ZSWM1WWZjaTBOeDE2T085OHB4NFNrQkVrd0ZUR1JV?=

=?utf-8?B?YlF5MWZsVTJQNUxBSjZWWE51cFRCbmw2TlhITjVmSUJudXRMUzZwdDNtZUNi?=

=?utf-8?B?TldxeDR0eThKUVR4cUtLQ0h4L2RxRk91Vkc5QmU2T3pOK2NoNnl1UXh1R3hz?=

=?utf-8?B?SGx0OVowMGRBVDV0ZmFIbWFrUXpYNzcxQU80dEVQWDdzZTBnK0hVWVk5Mjds?=

=?utf-8?B?WXlDM2wrSUFZdy9GU1I3ZXE1VGFzaU1JVmNMbFBwUkJNemxvaE1GeXJJT1I1?=

=?utf-8?B?dXlZemhkc0JsVkFwcEtzbUNZZ0JOZmtLQ3QxdnVEMUp6NEhSMDRpQUVkN2t5?=

=?utf-8?B?YTZYaStYSEdZWVF4SkQ0NTQ4WmM1Z0I5SmpwWHNsallubjdCL2p6d1dSb0ZB?=

=?utf-8?B?MjB3ZjhjNUl2OXh4b2M1a2c3aHJualplUktoLytQUE14VkRJcC8vY3JJYUow?=

=?utf-8?B?RzljTkNyMWF6VUxXUlQ5SFV5K1g5WVNZVWtqeUhzTFI3MkgyaWRmdVJjeW9L?=

=?utf-8?B?cXJSNXloMndDcWdQV0R3UFpXN1FJNWJ3UFgrdzZhK1VlVDJ0aW1iODNDY0J5?=

=?utf-8?B?ZW0vaVU4YURCTExDMEZIaXFmVWJ0VU05eUdZNk0xaWhLUklDRmw1MFh1NlFt?=

=?utf-8?B?WUE1NThlYmRXZEVBVDUrNTFJSitMZVVKeTZ0WGxad0IzcTBYY1NTcFRjeUJ2?=

=?utf-8?B?N0haYWpwelhkL0RBaUVkSytkay9hKzlFUm9qNzN5ekxnbnVNNm1JdUNseGJi?=

=?utf-8?B?MWZQQjhuQWdIYm4zTW90R1lwYStJUSttZVVpYzdGSGlmZ1FscVdIZ0NWaVg3?=

=?utf-8?B?VExHbFNPakQzVjlHMVJ0Yi85NFQwRWVzVnZ4UXlNZHlZZUlqQ2kyOVVVSWpx?=

=?utf-8?B?WDdVMFI1M0l6WkZYN3B5eHFFTTBOMnJsaFpWZ1NDTDZVTzdLRzdEZXRpV0Vo?=

=?utf-8?B?L3VMYXNRdXVSbjZORXRFeXhsV2J5ekZTcW5pKzZhbFUrRkFzTk9oTXVLZEx6?=

=?utf-8?B?ZmJtY0RaN0hCa2ExLzZWQjhsUm42RnpVYXh5RlZuVUo5d211SmxhVU4xeFdX?=

=?utf-8?B?d0hoSGQrdHA1SWpPNC91MkVQYzVDaGFOaVV5K3BlN093UUJtOVNIVTRBSjR2?=

=?utf-8?B?QzEvaE1wbmkrQXQ5NHdrZ2pHMUtvbmRZQkRzWjUvbkQwNlBKeDZuaXVhYUdB?=

=?utf-8?B?dU41anBuUTl5ZVpyWEYzZjYyeTVrTTNUVGhQNjVnZ2gzSjRPUjdtTlowbCtN?=

=?utf-8?B?Zm1IWGVJMGtkdUt1S0l4U1pjTWcwL2hnYW11Y00zYWp4RzhBRHljVExtNDd2?=

=?utf-8?B?cUFGQlZOdjlJeHpnVldONEZ1UmtHL3UyTkNtOXFKSlFma0M3UzJ6M2ZUYzlW?=

=?utf-8?B?RXA5VjV3Q3A5V1Y0dDlaUG9uMmdpZHpzV0N6Y2Q5Zk1GRCtjNGJ0RmRja1RD?=

=?utf-8?B?b2UzYTUyNDQ3UVBKL1R6VFVFeEJYN3VnRk1rWHBWajVmTXlmUGVWYjFKaG0w?=

=?utf-8?B?cGhyQVBxZDRYeDNYQ1ZuNzJWWVgzZ0FsK0xrNFlwTmRlLysrNUF0Z2R3eWEz?=

=?utf-8?B?TUNLY3dUakNxRUdCUnNDNDNmaFo0L0EyQUFwSjY2djV1TnFGd3d6NDNKLzdM?=

=?utf-8?B?NnVqZFJnQWNtVXBNaWYvU2R4ZU5QYmwyWjEySHFvSERkeGNZWGtGU0FNcUdG?=

=?utf-8?B?SGYvWlNHdzVRbVZ6VzJYVnFlSW1lbTE3RUdpYkVNWmlhT0V3TW9PTFpicUFt?=

=?utf-8?B?WUh4cHFBSGFoeEdVM3BFRDEvQm9FV3YrbVJxQ1hTNVNiZW1qd1hvK3plWEN6?=

=?utf-8?B?Rit5R0dibnlNRHRBcmcrNUtEc1Zkd2wvWmFyWVdwdW9uaTd0VGx6aDFSdU0w?=

=?utf-8?B?Y0dORTBwS0Ezb1hyZVVTcG53L3BMMDdPRXhmQlUzOHU3aVlBY1V4OUhYRnd2?=

=?utf-8?B?TXdoV0VmanJJMUlqNUdudGZQRlJBOU5rbS9oWGRvejhlMFlmTWVrUUUxNmpO?=

=?utf-8?B?d0F5bG55MVI5TDJUc3BDbjYveFMxT0hhdHRHWnNQdS9DTlJRRGVlV1RNeXp5?=

=?utf-8?B?MkE9PQ==?=

Content-Type: multipart/related;

boundary="_005_KL1PR03MB493530C5120256BA382CE231AD5E9KL1PR03MB4935apcp_";

type="multipart/alternative"

MIME-Version: 1.0

X-OriginatorOrg: travel.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: KL1PR03MB4935.apcprd03.prod.outlook.com

X-MS-Exchange-CrossTenant-Network-Message-Id: 88c0e8cb-2116-4689-0ebc-08d9df0e7966

X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jan 2022 07:52:29.7342

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 9606303e-7a90-4753-aea9-1ec019ee766c

X-MS-Exchange-CrossTenant-mailboxtype: HOSTED

X-MS-Exchange-CrossTenant-userprincipalname: Gtxw+KrQp4ZodPO2RABFEqEFP9eSXrcSA6XwCwk53AzJbgcl7izD8NWh6fH1MbZHM5ZlPzpfvnWbJ87ZSgzgxg==

X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK0PR03MB3074

X-Spam-Status: No, score=1.2

X-Spam-Score: 12

X-Spam-Bar: +

X-Ham-Report: Spam detection software, running on the system "herod.dnsvine.com",

has NOT identified this incoming email as spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

root@localhost for details.

Content preview: [cid:[email protected]]https://travel.deskera.com/wb

Thanks and warmest regards, James Fernand | 陈少秦| Partner [cid:[email protected]]

Telephone No. : +500 - 8711 84444 Fascimile No. : +500 - 8711 84443 Address

: KO2-55-03, M Office 5, Sunleeds, Hoolows S [...] 

Content analysis details: (1.2 points, 5.0 required)

pts rule name description

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

                         blocked.  See

                         http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

                          for more information.

                         [URIs: deskera.com]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

1.2 MISSING_HEADERS Missing To: header

0.0 HTML_MESSAGE BODY: HTML included in message

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

                         valid

X-Spam-Flag: NO

Hello,

Just heard about this project from a tweet by Nicolas Crassas. As I understand it, it does more or less part of an antispam software job, like looking at spf record and dkim signature. Are there any differences with antispam software like SpamAssassin for eg. ?