You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

457 lines
26 KiB

---
title: Another good fake
summary:
date: 2024-04-29T21:12:44+0200
# lastmod:
# categories:
#- spam
# tags:
# showBreadcrumbs: true
# showDate: false
# showReadingTime: false
# showWordCount: false
# showPagination: false
# feed_exclude: true
# site_exclude: true
draft: true
---
This one is another good fake mail that does not look like spam at the
first sight -- but in the end they're all the same mails with faked
recipients/senders/links etc.
## The mail body
~~~
Mit Drei immer bestens informiert.
[1][DreiInfoConsumerKletterer]
Lieber Drei Kunde,
Ich hoffe, es geht Ihnen gut. Ich möchte Sie über ein wichtiges Update
bezüglich Ihrer Telefonnummer informieren. Wir haben kürzlich festgestellt,
dass Ihre Nummer aufgrund einiger Änderungen in unserem System
irrtümlicherweise deaktiviert wurde.
Um Ihren Telefondienst wiederherzustellen, bitten wir Sie, diese einfachen
Schritte zu befolgen:
Klicken Sie auf [2]Link. Dies wird Sie zu unserer Plattform weiterleiten, wo
Sie die Reaktivierung Ihrer Telefonnummer bestätigen können.
Sobald Sie auf den Link geklickt und die Reaktivierung bestätigt haben, sollte
Ihre Telefonnummer in Kürze wieder betriebsbereit sein.
Um Ihr Telefon zu reaktivieren, klicken Sie bitte auf den folgenden Link:
[3]https://www.drei.at/selfcare/Verification.do?optInKey=id8630763
Wenn Sie zusätzliche Unterstützung benötigen oder Probleme bei der
Reaktivierung Ihrer Nummer haben, zögern Sie nicht.
Wir danken Ihnen für Ihre Mitarbeit und Ihr Verständnis. Wir sind hier, um
Ihnen so schnell wie möglich bei der Wiederherstellung Ihres Telefondienstes zu
helfen.
Freundliche Grüße
Ihr Drei Service-Team
[4][footerblue]
[5]Facebook [6]Instagram [7]Twitter [8]Youtube [9]Linkedin [10]Xing
[11][machtseinf]
Es gelten die AGB von Hutchison Drei Austria GmbH. Details auf [12]www.drei.at,
HG Wien, FN 140132b
[13]Kontakt | [14]Impressum
References:
[1] https://www.drei.at/de/index.html
[2] https://wid.chh.mybluehost.me/website_7fb0c4ce/at/1
[3] https://wid.chh.mybluehost.me/website_7fb0c4ce/at/1
[4] https://www.drei.at/webmail/de/index?attachment=2&fld=%2fINBOX%2fTrash&id=1&mode=html&task=datatable_imap_mail_download
[5] https://www.facebook.com/dreioesterreich
[6] https://www.instagram.com/dreioesterreich
[7] https://twitter.com/dreioesterreich
[8] https://www.youtube.com/dreioesterreich
[9] https://www.linkedin.com/company/drei-oesterreich
[10] https://www.xing.com/company/dreioesterreich
[11] https://www.drei.at/webmail/de/index?attachment=2&fld=%2fINBOX%2fTrash&id=1&mode=html&task=datatable_imap_mail_download
[12] http://www.drei.at/
[13] https://www.drei.at/selfcare/contact.do?utm_campaign=kontakt&utm_source=alle&utm_medium=shortlink&utm_content=onsite
[14] https://www.drei.at/de/footernavigation/impressum/
~~~
The list of links on the bottom already gives a clue about the mail.
## The mail body source (html)
~~~html {hl_lines="59 78"}
<html>
<head>
<title></title>
</head>
<body>
<p>&nbsp;</p>
<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="position: relative;" width="100%">
<tbody>
<tr>
<td align="center" style="text-size-adjust: none; border-collapse: collapse;" valign="top">
<table border="0" cellpadding="0" cellspacing="0" class="nomob" role="presentation" style="max-width: 660px; background: #ffffff;" width="660">
<tbody>
<tr>
<td style="text-size-adjust: none; border-collapse: collapse;" width="660">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" width="100%">
<tbody>
<tr>
<td align="center" class="ph10" style="text-size-adjust: none; border-collapse: collapse; padding: 10px 0px; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;" valign="top" width="660">
<div style="text-size-adjust: none; font-family: Arial, Helvetica, sans-serif; font-size: 10px; line-height: 14px;"><span style="font-family: 'Times New Roman'; font-size: medium;">Mit Drei immer bestens informiert.</span></div>
</td>
<td class="nomob" style="text-size-adjust: none; border-collapse: collapse; font-size: 0px;">&nbsp;</td>
</tr>
</tbody>
</table>
</td>
<td class="nomob" style="text-size-adjust: none; border-collapse: collapse; font-size: 0px;">&nbsp;</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; background: #ffffff;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="wrapto660px" role="presentation" style="width: 660px !important; max-width: 660px;" width="100%">
<tbody>
<tr>
<td align="left" style="text-size-adjust: none; border-collapse: collapse; font-size: 1px; line-height: 1px; margin: 0px; padding: 0px;" valign="top">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;" width="100%">
<tbody>
<tr>
<td align="center" class="wrapto100pcmax" style="text-size-adjust: none; border-collapse: collapse;" valign="top" width="660"><a href="https://www.drei.at/de/index.html" rel="noopener" style="text-size-adjust: none;" target="_blank"><span style="color: #000000; font-size: medium;"><img data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/DreiInfoConsumerKletterer.png" height="auto" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/DreiInfoConsumerKletterer.png" style="display: block; border: 0px; width: 660px; height: auto; max-width: 660px;" width="660" /></span></a></td>
</tr>
</tbody>
</table>
<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;" width="100%">
<tbody>
<tr>
<td align="center" class="ph10" style="text-size-adjust: none; border-collapse: collapse; padding: 20px;" valign="top" width="660">
<div style="text-size-adjust: none; text-align: left;"><span style="font-size: medium;"><span class="main-copy" style="line-height: 20px;">Lieber Drei Kunde,<br />
<br />
Ich hoffe, es geht Ihnen gut. Ich m&ouml;chte Sie &uuml;ber ein wichtiges Update bez&uuml;glich Ihrer Telefonnummer informieren. Wir haben k&uuml;rzlich festgestellt, dass Ihre Nummer aufgrund einiger &Auml;nderungen in unserem System irrt&uuml;mlicherweise deaktiviert wurde.<br />
<br />
Um Ihren Telefondienst wiederherzustellen, bitten wir Sie, diese einfachen Schritte zu befolgen:<br />
<br />
Klicken Sie auf <strong><a href="https://wid.chh.mybluehost.me/website_7fb0c4ce/at/1">Link</a></strong>. Dies wird Sie zu unserer Plattform weiterleiten, wo Sie die Reaktivierung Ihrer Telefonnummer best&auml;tigen k&ouml;nnen.</span></span></div>
<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>
<div style="text-size-adjust: none; text-align: left;"><br />
<span style="font-size: medium;"><span class="main-copy" style="line-height: 20px;">Sobald Sie auf den Link geklickt und die Reaktivierung best&auml;tigt haben, sollte Ihre Telefonnummer in K&uuml;rze wieder betriebsbereit sein.</span></span></div>
<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>
<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>
<div style="text-size-adjust: none; text-align: left;"><span style="font-size: medium;"><span class="main-copy" style="line-height: 20px;">Um Ihr Telefon zu reaktivieren, klicken Sie bitte auf den folgenden Link:</span></span></div>
<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>
<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>
<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>
<div style="text-size-adjust: none; text-align: left;"><span style="font-size: medium;"><a href="https://wid.chh.mybluehost.me/website_7fb0c4ce/at/1"><span class="main-copy" style="line-height: 20px;">https://www.drei.at/selfcare/Verification.do?optInKey=id8630763</span></a></span></div>
<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>
<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>
<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>
<div style="text-size-adjust: none; text-align: left;"><span style="font-size: medium;"><span class="main-copy" style="line-height: 20px;">Wenn Sie zus&auml;tzliche Unterst&uuml;tzung ben&ouml;tigen oder Probleme bei der Reaktivierung Ihrer Nummer haben, z&ouml;gern Sie nicht.</span></span></div>
<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>
<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>
<div style="text-size-adjust: none; text-align: left;">&nbsp;</div>
<div style="text-size-adjust: none; text-align: left;"><span style="font-size: medium;"><span class="main-copy" style="line-height: 20px;">Wir danken Ihnen f&uuml;r Ihre Mitarbeit und Ihr Verst&auml;ndnis. Wir sind hier, um Ihnen so schnell wie m&ouml;glich bei der Wiederherstellung Ihres Telefondienstes zu helfen.<br />
<br />
Freundliche Gr&uuml;&szlig;e<br />
Ihr Drei Service-Team</span></span><br />
&nbsp;</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; background: #ffffff;" valign="top">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="background: #e8e5e2;">
<tbody>
<tr>
<td style="text-size-adjust: none; border-collapse: collapse;" width="660">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" width="100%">
<tbody>
<tr>
<td align="center" style="text-size-adjust: none; border-collapse: collapse;" valign="top">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="padding: 0px 15px;" width="100%">
<tbody>
<tr>
<td style="text-size-adjust: none; border-collapse: collapse;">
<table border="0" cellpadding="0" cellspacing="0" class="wrapto100pc" role="presentation" style="border-radius: 3px;" width="100%">
<tbody>
<tr>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; padding: 39px 10px 18px;" valign="top"><a href="https://www.drei.at/webmail/de/index?attachment=2&amp;fld=%2fINBOX%2fTrash&amp;id=1&amp;mode=html&amp;task=datatable_imap_mail_download" rel="noopener" style="text-size-adjust: none;" target="_blank"><span style="color: #000000;"><img class="follow-image" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/footerblue.png" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/footerblue.png" style="display: block; border: 0px;" /></span></a></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="padding: 0px 15px 62px;" width="100%">
<tbody>
<tr>
<td style="text-size-adjust: none; border-collapse: collapse;">
<table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius: 3px; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">
<tbody>
<tr>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; padding: 0px 7.5px;" valign="top"><a href="https://www.facebook.com/dreioesterreich" rel="noopener" style="text-size-adjust: none; height: auto; display: inline-block;" target="_blank"><span style="color: #000000;"><img alt="Facebook" border="none" class="follow-icon" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/facebookblue.png" height="53" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/facebookblue.png" style="display: block; border: 0px;" width="53" /></span></a></td>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; padding: 0px 7.5px;" valign="top"><a href="https://www.instagram.com/dreioesterreich" rel="noopener" style="text-size-adjust: none; height: auto; display: inline-block;" target="_blank"><span style="color: #000000;"><img alt="Instagram" border="none" class="follow-icon" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/instablue.png" height="53" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/instablue.png" style="display: block; border: 0px;" width="53" /></span></a></td>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; padding: 0px 7.5px;" valign="top"><a href="https://twitter.com/dreioesterreich" rel="noopener" style="text-size-adjust: none; height: auto; display: inline-block;" target="_blank"><span style="color: #000000;"><img alt="Twitter" border="none" class="follow-icon" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/twitterblue.png" height="53" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/twitterblue.png" style="display: block; border: 0px;" width="53" /></span></a></td>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; padding: 0px 7.5px;" valign="top"><a href="https://www.youtube.com/dreioesterreich" rel="noopener" style="text-size-adjust: none; height: auto; display: inline-block;" target="_blank"><span style="color: #000000;"><img alt="Youtube" border="none" class="follow-icon" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/youtubeblue.png" height="53" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/youtubeblue.png" style="display: block; border: 0px;" width="53" /></span></a></td>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; padding: 0px 7.5px;" valign="top"><a href="https://www.linkedin.com/company/drei-oesterreich" rel="noopener" style="text-size-adjust: none; height: auto; display: inline-block;" target="_blank"><span style="color: #000000;"><img alt="Linkedin" border="none" class="follow-icon" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/linkedinblue.png" height="53" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/linkedinblue.png" style="display: block; border: 0px;" width="53" /></span></a></td>
<td align="center" style="text-size-adjust: none; border-collapse: collapse; padding: 0px 7.5px;" valign="top"><a href="https://www.xing.com/company/dreioesterreich" rel="noopener" style="text-size-adjust: none; height: auto; display: inline-block; width: 40px;" target="_blank"><span style="color: #000000;"><img alt="Xing" border="none" class="follow-icon" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/xingblue.png" height="53" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/xingblue.png" style="display: block; border: 0px;" width="53" /></span></a></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" class="wrapto100pc" role="presentation" style="border-radius: 3px; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; padding-bottom: 28px;">
<tbody>
<tr>
<td align="center" class="ctatext" style="text-size-adjust: none; border-collapse: collapse;" valign="top"><a href="https://www.drei.at/webmail/de/index?attachment=2&amp;fld=%2fINBOX%2fTrash&amp;id=1&amp;mode=html&amp;task=datatable_imap_mail_download" rel="noopener" style="text-size-adjust: none;" target="_blank"><span style="color: #000000;"><img class="footer-image" data-orgsrc="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/machtseinfach.png" src="http://images.emlcdn.net/cdn/1001693/2135fbd9-3346-4aba-b0cd-26018ede6c72/machtseinfach.png" style="display: block; border: 0px;" /></span></a></td>
</tr>
</tbody>
</table>
<p class="terms-and-conditions" style="text-size-adjust: none; margin: 0px 10px; padding: 0px; font-family: Arial, Helvetica, sans-serif; font-size: 12px; line-height: 15px;"><span style="font-family: 'Times New Roman'; font-size: medium;">Es gelten die AGB von Hutchison Drei Austria GmbH. Details auf&nbsp;<a href="http://www.drei.at/" name="Drei" rel="noopener" style="text-size-adjust: none;" target="_blank">www.drei.at</a>, HG Wien, FN 140132b</span></p>
<div class="bottom-nav-links" style="text-size-adjust: none; padding: 0px; margin: 17px 0px 35px;"><span style="color: #000000;"><a href="https://www.drei.at/selfcare/contact.do?utm_campaign=kontakt&amp;utm_source=alle&amp;utm_medium=shortlink&amp;utm_content=onsite" rel="noopener" style="text-size-adjust: none;" target="_blank">Kontakt</a>&nbsp;|&nbsp;<a href="https://www.drei.at/de/footernavigation/impressum/" rel="noopener" style="text-size-adjust: none;" target="_blank">Impressum</a></span></div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</body>
</html>
~~~
## Some mail headers
~~~plain {hl_lines="18 130"}
Return-Path: <3serviceteam24@drei.at>
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
by sloti44n20 (Cyrus 3.11.0-alpha0-386-g4cb8e397f9-fm-20240415.001-g4cb8e397) with LMTPA;
Mon, 29 Apr 2024 05:32:26 -0400
X-Cyrus-Session-Id: sloti44n20-1714383146-1563527-2-12093189089660363855
X-Sieve: CMU Sieve 3.0
X-Spam-known-sender: no ("Email failed DMARC policy for domain")
X-Spam-sender-reputation: 1000 (domain; noauth)
X-Spam-score: 0.0
X-Spam-hits: BAYES_50 0.8, HTML_IMAGE_RATIO_08 0.001, HTML_MESSAGE 0.001,
ME_NOAUTH 0.01, ME_SC_SENDERREP -100, ME_SENDERREP_ALLOW -4,
SHORTCIRCUIT -0.0001, SPF_FAIL 0.001, SPF_HELO_PASS -0.001, LANGUAGES de,
BAYES_USED user, SA_VERSION 3.4.6
X-Spam-source: IP='222.227.81.166', Host='mta-sp-e06.jcom.zaq.ne.jp', Country='JP',
FromHeader='at', MailFrom='at'
X-Spam-charsets: plain='utf-8', html='utf-8'
X-Resolved-to: {my-mail-account}
X-Delivered-to: {my-real-mail-address}
X-Mail-from: 3serviceteam24@drei.at
Received: from mx3 ([10.202.2.202])
by compute1.internal (LMTPProxy); Mon, 29 Apr 2024 05:32:26 -0400
Received: from mx3.messagingengine.com (localhost [127.0.0.1])
by mailmx.nyi.internal (Postfix) with ESMTP id 4FE1D19600BA
for <{my-real-mail-address}>; Mon, 29 Apr 2024 05:32:26 -0400 (EDT)
Received: from mailmx.nyi.internal (localhost [127.0.0.1])
by mx3.messagingengine.com (Authentication Milter) with ESMTP
id 85CCEACF945.3D7B519600AE;
Mon, 29 Apr 2024 05:32:26 -0400
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=messagingengine.com; s=fm3; t=
1714383146; b=NPrVm6ZPLeSZvNVXB5VH+DGhxZXOt/uuITUES+D/cHZDn5V4/J
ysZe5nOrK/SzTnf0DQJJyB+KY+6Po0iChnS4lJMVnDlT+Fsj0tHCsTJY267yd1rr
fRpM8GtoztzVR7ncPgOjCcjYZfl07gdK2jzUTr8x4MUonsoQLaauzHyc+wQMQNw2
LyWftCK4jJhId7sPzjjdro6D5LB0yQSEeFJsr67ziA3YtLvIPr41hW1QsKtDspuw
WJmhcWc+Rqd95admdtIyNFpdQH5M5hX4vph5/kL3/KpMg7atX+CSo55+O2MXufm/
g929r+iT++JL5653hpEZK+N5c66h4dG3xoiA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=message-id:mime-version:from:to:subject
:date:content-type; s=fm3; t=1714383146; bh=ni8L8QRbTLgYTToOyOoV
KdbZKcUhLPS9kMfX3IVjuMg=; b=UEu8RBqgakH+Ht/jHWF4NEMYKXiX+wk02qn0
xrHfLZhS305RLQCXOZPxc4Y2iUGLRQcaFISGGVopjcxM5vn5Buzi93rdwmOFPcav
gkEJt12U/hQ94wzD+ukuARr5X0QcHY4Jhzecsk1gybMproDFdshRqqA/4HR1d3cv
9mTJCf/b64y5JJocAMcfBnKc1PO6PLVQ8Gcvz3nJVqKH7n4VEMKIX9vjbgrmo20v
GuKI34vYPiNvjj9Y7VXWfCMHMtDn3UdPv0qLb997sDjQmV331Vzuom6eS9WD/Dcv
xKtAG7dZMO2xndQorcZKzp6e3fZTGVb379cnJHgV1AoNcMljKw==
ARC-Authentication-Results: i=1; mx3.messagingengine.com;
x-csa=none;
x-me-sender=none;
x-ptr=pass smtp.helo=mta-sp-e06.jcom.zaq.ne.jp
policy.ptr=mta-sp-e06.jcom.zaq.ne.jp;
bimi=skipped (DMARC did not pass);
arc=none (no signatures found);
dkim=none (no signatures found);
dmarc=fail policy.published-domain-policy=none
policy.applied-disposition=none policy.evaluated-disposition=none
policy.arc-aware-result=fail
(p=none,d=none,d.eval=none,arc_aware_result=fail) policy.policy-from=p
header.from=drei.at;
iprev=pass smtp.remote-ip=222.227.81.166 (mta-sp-e06.jcom.zaq.ne.jp);
spf=fail smtp.mailfrom=3serviceteam24@drei.at
smtp.helo=mta-sp-e06.jcom.zaq.ne.jp
X-ME-Authentication-Results: mx3.messagingengine.com;
x-aligned-from=pass (Address match);
x-return-mx=pass header.domain=drei.at policy.is_org=yes
(MX Records found: mail.drei.at);
x-return-mx=pass smtp.domain=drei.at policy.is_org=yes
(MX Records found: mail.drei.at);
x-tls=pass smtp.version=TLSv1.3 smtp.cipher=TLS_AES_256_GCM_SHA384
smtp.bits=256/256;
x-vs=commercial:mce score=17 state=11
Authentication-Results: mx3.messagingengine.com;
x-csa=none;
x-me-sender=none;
x-ptr=pass smtp.helo=mta-sp-e06.jcom.zaq.ne.jp
policy.ptr=mta-sp-e06.jcom.zaq.ne.jp
Authentication-Results: mx3.messagingengine.com;
bimi=skipped (DMARC did not pass)
Authentication-Results: mx3.messagingengine.com;
arc=none (no signatures found)
Authentication-Results: mx3.messagingengine.com;
dkim=none (no signatures found);
dmarc=fail policy.published-domain-policy=none
policy.applied-disposition=none policy.evaluated-disposition=none
policy.arc-aware-result=fail
(p=none,d=none,d.eval=none,arc_aware_result=fail) policy.policy-from=p
header.from=drei.at;
iprev=pass smtp.remote-ip=222.227.81.166 (mta-sp-e06.jcom.zaq.ne.jp);
spf=fail smtp.mailfrom=3serviceteam24@drei.at
smtp.helo=mta-sp-e06.jcom.zaq.ne.jp
X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedvledrvdduuddgudehucetufdoteggodetrfdotf
fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu
rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucdnofetkffnkffpifculd
dujedmnecujfgurhepkfgghffuffgtsegrtdfttfdttdejnecuhfhrohhmpeefufgvrhhv
ihgtvgfvvggrmhcuoeefshgvrhhvihgtvghtvggrmhdvgeesughrvghirdgrtheqnecugg
ftrfgrthhtvghrnhepfedttefffeeugeehvddtgeelheetleeftddtveetfeeulefhjedt
geehudetveetnecuffhomhgrihhnpegurhgvihdrrghtpdhmhigslhhuvghhohhsthdrmh
gvpdhfrggtvggsohhokhdrtghomhdpihhnshhtrghgrhgrmhdrtghomhdpthifihhtthgv
rhdrtghomhdphihouhhtuhgsvgdrtghomhdplhhinhhkvgguihhnrdgtohhmpdigihhngh
drtghomhenucfkphepvddvvddrvddvjedrkedurdduieeinecuvehluhhsthgvrhfuihii
vgeptdenucfrrghrrghmpehinhgvthepvddvvddrvddvjedrkedurdduieeipdhhvghloh
epmhhtrgdqshhpqdgvtdeirdhjtghomhdriigrqhdrnhgvrdhjphdpmhgrihhlfhhrohhm
peeofehsvghrvhhitggvthgvrghmvdegsegurhgvihdrrghtqedpnhgspghrtghpthhtoh
epuddprhgtphhtthhopeeoughomhhinhhitgesthhmshhnrdgrtheq
X-ME-VSScore: 17
X-ME-VSCategory: commercial:mce
X-ME-CSA: none
X-ME-Received: <xmx:KmkvZsFNrrBAcycsjZGHfoT3_Ij4M2mIACnaOdMR5qMdvjO0EiKk7g>
Received-SPF: fail
(drei.at: Sender is not authorized by default to use '3serviceteam24@drei.at' in 'mfrom' identity (mechanism '-all' matched))
receiver=mx3.messagingengine.com;
identity=mailfrom;
envelope-from="3serviceteam24@drei.at";
helo=mta-sp-e06.jcom.zaq.ne.jp;
client-ip=222.227.81.166
Received: from mta-sp-e06.jcom.zaq.ne.jp (mta-sp-e06.jcom.zaq.ne.jp [222.227.81.166])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by mx3.messagingengine.com (Postfix) with ESMTPS id 3D7B519600AE
for <{my-real-mail-address}>; Mon, 29 Apr 2024 05:32:24 -0400 (EDT)
Received: from mta-or-e02.jcom.zaq.ne.jp by osmta0018-jc.im.kddi.ne.jp
with ESMTP
id <20240429093221436.SZEY.122160.mta-or-e02.jcom.zaq.ne.jp@mta-sp-e06.jcom.zaq.ne.jp>;
Mon, 29 Apr 2024 18:32:21 +0900
Received: from [10.0.0.5] by omta0018-jc.im.kddi.ne.jp with SMTP
id <20240429093220189.NMLB.117143.[10.0.0.5]@mta-or-e02.jcom.zaq.ne.jp>;
Mon, 29 Apr 2024 18:32:20 +0900
Message-Id: <2T3NM7B-CNQT-PAAQ-1X6G-7N1FUVMMY2K@drei.at>
Mime-Version: 1.0
From: 3ServiceTeam <3serviceteam24@drei.at>
To: Undisclosed-Recipients:;
Subject: RufnummerDeaktivierung.
Date: Mon, 29 Apr 2024 09:32:20 GMT
Content-Type: multipart/alternative; Boundary="--=BOUNDARY_429932_FDVJ_NVIO_WXTI_WHEC"
X-TUID: NXL/rD0xTYmM
Content-Length: 17904
~~~
"Undisclosed-Recipients" is used when the sender does not provide a recipient in
the "To:" field but instead uses the "Bcc:" field.
The line `X-Delivered-to` shows the real recipient though.
## Notes
The email went through some japanese network when it finally hit the mailservers of
my mail provider.
Always check the destination of links in HTML mails! The link on line 78 for example
looks like (re-formatted):
~~~html
<div style="text-size-adjust: none; text-align: left;">
<span style="font-size: medium;">
<a href="https://wid.chh.mybluehost.me/website_7fb0c4ce/at/1">
<span class="main-copy" style="line-height: 20px;">
https://www.drei.at/selfcare/Verification.do?optInKey=id8630763
</span>
</a>
</span>
</div>
~~~
Also look at the Subject -- it looks a bit disturbing:
~~~plain
Subject: RufnummerDeaktivierung.
~~~