Here are some sample headers:
Example 1:
Received: from BN8PR16CA0009.namprd16.prod.outlook.com (2603:10b6:408:4c::22)
by CY4PR15MB1573.namprd15.prod.outlook.com (2603:10b6:903:fc::10) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.27; Mon, 19 Oct
2020 15:25:38 +0000
Received: from BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
(2603:10b6:408:4c:cafe::ce) by BN8PR16CA0009.outlook.office365.com
(2603:10b6:408:4c::22) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.20 via Frontend
Transport; Mon, 19 Oct 2020 15:25:38 +0000
Authentication-Results: spf=pass (sender IP is 104.47.58.168)
smtp.mailfrom=arcticbearinc.com; houghton.edu; dkim=none (message not signed)
header.d=none;houghton.edu; dmarc=pass action=none
header.from=arcticbearinc.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of arcticbearinc.com
designates 104.47.58.168 as permitted sender)
receiver=protection.outlook.com; client-ip=104.47.58.168;
helo=NAM11-BN8-obe.outbound.protection.outlook.com;
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.168)
by BN8NAM04FT059.mail.protection.outlook.com (10.13.160.182) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.3455.27 via Frontend Transport; Mon, 19 Oct 2020 15:25:36 +0000
Received: from CO2PR04CA0064.namprd04.prod.outlook.com (2603:10b6:102:1::32)
by MW3PR15MB3771.namprd15.prod.outlook.com (2603:10b6:303:4f::9) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21; Mon, 19 Oct
2020 15:25:35 +0000
Received: from CO1NAM04FT011.eop-NAM04.prod.protection.outlook.com
(2603:10b6:102:1:cafe::35) by CO2PR04CA0064.outlook.office365.com
(2603:10b6:102:1::32) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21 via Frontend
Transport; Mon, 19 Oct 2020 15:25:35 +0000
Authentication-Results-Original: spf=pass (sender IP is 104.47.56.175)
smtp.mailfrom=arcticbearinc.com; houghton.edu; dkim=none (message not signed)
header.d=none;houghton.edu; dmarc=pass action=none
header.from=arcticbearinc.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of arcticbearinc.com
designates 104.47.56.175 as permitted sender)
receiver=protection.outlook.com; client-ip=104.47.56.175;
helo=NAM11-CO1-obe.outbound.protection.outlook.com;
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.175)
by CO1NAM04FT011.mail.protection.outlook.com (10.152.90.158) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.3455.27 via Frontend Transport; Mon, 19 Oct 2020 15:25:34 +0000
Received: from BN8PR15CA0032.namprd15.prod.outlook.com (2603:10b6:408:c0::45)
by BN6PR15MB1588.namprd15.prod.outlook.com (2603:10b6:404:c7::16) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.27; Mon, 19 Oct
2020 15:25:32 +0000
Received: from BN8NAM04FT049.eop-NAM04.prod.protection.outlook.com
(2603:10b6:408:c0:cafe::2) by BN8PR15CA0032.outlook.office365.com
(2603:10b6:408:c0::45) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.22 via Frontend
Transport; Mon, 19 Oct 2020 15:25:32 +0000
Authentication-Results-Original: spf=fail (sender IP is 67.219.250.115)
smtp.mailfrom=arcticbearinc.com; houghton.edu; dkim=none (message not signed)
header.d=none;houghton.edu; dmarc=fail action=oreject
header.from=arcticbearinc.com;compauth=fail reason=000
Received-SPF: Fail (protection.outlook.com: domain of arcticbearinc.com does
not designate 67.219.250.115 as permitted sender)
receiver=protection.outlook.com; client-ip=67.219.250.115;
helo=mail1.bemta24.messagelabs.com;
Received: from mail1.bemta24.messagelabs.com (67.219.250.115) by
BN8NAM04FT049.mail.protection.outlook.com (10.13.161.125) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.3455.27 via Frontend Transport; Mon, 19 Oct 2020 15:25:31 +0000
Return-Path:
info@arcticbearinc.comReceived: from [100.112.132.75] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits))
by server-4.bemta.az-b.us-west-2.aws.symcld.net id FF/C1-56365-5EFAD8F5; Mon, 19 Oct 2020 15:25:25 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA1WTa0ybZRTHed6+7Vsn1bbM8NJlcenmlbRAdXr
2YQZNFl/JMiCakOEUy+igSltsi4AYKchEEEa3Ebd2XVZuA7mMcpmUOxTGuDNMsyEOCGXAABlg
xnU4fVtkzi+//J9zTs7//+E8bAY/hxCwZfFamVopjRayduEt95ceiqYqssJ8R354FtJ62jHQT
bSzIKWgnoBBuw6HtOxfmNDyexEGtqo6DB6cseCgb73LhLpsKw6OjgR4dC2HgNUiMwPKBlJwMF
VbMHhsHcfA0b7IhJqrPxGQ3l2Pw9DmFQJWDH0EdKbvgbG/5TBlyWFAia4Lh+JcB23avMKAuVs
WAu63lhKwlGVhQdOwBcFg+iyC3I5iHPonaxE0jDJgJL+fCSvTWjAsP8IgeauRAEPLBhOKbPSO
ydUxAu6er8Igr0ePgf7yBoLC0VwcKgYaERhtqxgY5ypxyCi3E/4S6i/dDYwab/iZoAastSyqf
HmWoLru8CjzxiEq3exBLdZssaiG5gGCmh96njo/aULU6oiOSbXp2xCVvLDGoEoe6hmU/lIhEb
QvlClXhqviP2NG5U59EXMBi+/NLSB0aBNloGfYfO5LpL3tCsOpWVwRaey97qp7cPeRoxdrcKf
G6Znbi+uEU3O4PLLbcM9VZ3B9yaH2Jta2fpGsXTC59pBcDnkxbQrf1l7kd6WOf7WEPPP9DLGt
gbzVO4R2ZtqKh3E9cjc+ZWF8ysL4lIUZMUoQhKvlkVFahVQeLfLz9RX5+UlEfm9IRJI3JWLp1
6JwcaxGFCfTaEX0M04j1iQoTkZHiJUybRWijywiJvVPK9L9sSS2IS82JnyB87EpK4z/XLgqIi
FKqokKU8dGyzQ29CqbzU1ezLuDBLhSpZQJSY7hGj3HU8siZfGn5NH02e6Mkmx34W4Ojz5cPkc
TI1Vo5JHbrR70Cbv9dn4eg+0oKaC57OKai+suFlx3srXNyRlTIc26yzT5Lk+BJ+e405PrXBoV
q3xiufNZfkV7BR4c5ObmxnePkakVcu3/+3PIk42EHhxvZzR3uVL7JNkcHRqjQx/OznSG1kr/a
wl02OfKkGjRkfZmZujhE9gxR8Dpx0qmnV3ev99a4n22JQhbTRVe6u6bsHwTXBn36ezbgz4KAz
he+Q2v8fAOqeioTzkxYz8SeGA6v3nQHhSe+FpmX8CDJJ8ew+a80jSjMu/Of+/Lg43ndqXe7HN
H1DtfJdXvSdyyzWfmZH/0Ps57S9CmCvSy8m5WQnCpLSPgA37zwgGLytpp/vFoUmFelpA5Hpp/
cGiYJ/bkb8zb3n25OrS7s0D2LVEWeK8nnhUwVhZ8NOtD7vSKyuJ+SFDZL8vxVPjfOHUhNSRR0
iTFM04KbZLJtXW5cXxoq7qy6/Ti6Cjzqr8PO0CyHnl8/95jZydCqoS4Jkrq9zpDrZH+A+HOtF
OnBAAA
X-Env-Sender:
info@arcticbearinc.comX-Msg-Ref: server-7.tower-340.messagelabs.com!1603121079!244!1
X-Originating-IP: [191.232.240.244]
X-SYMC-ESS-Client-Auth: outbound-route-from=fail
X-StarScan-Received:
X-StarScan-Version: 9.60.3; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 26965 invoked from network); 19 Oct 2020 15:25:24 -0000
Received: from unknown (HELO User) (191.232.240.244)
by server-7.tower-340.messagelabs.com with SMTP; 19 Oct 2020 15:25:24 -0000
Reply-To: <
majidaluttaim@vivaldi.net>
From: "MAJID FUTTAIM"<
info@arcticbearinc.com>
Subject: CAN WE PARTNER TOGETHER
Date: Mon, 19 Oct 2020 23:25:21 +0800
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-CFilter-Loop: Reflected
Message-ID: <
9780a150-8957-4fcc-9116-2291e4430560@BN8NAM04FT049.eop-NAM04.prod.protection.outlook.com>
To: Undisclosed recipients:;
X-EOPAttributedMessage: 2
X-EOPTenantAttributedMessage: 7af6c8cb-ea78-42bd-bc80-3345238bb9f4:2
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a44430fa-51c1-40f8-3818-08d874433b2f
X-MS-TrafficTypeDiagnostic: BN6PR15MB1588:|MW3PR15MB3771:|CY4PR15MB1573:
X-MS-Oob-TLC-OOBClassifiers: OLM:4941;OLM:4941;OLM:4941;
X-Forefront-Antispam-Report-Untrusted: CIP:67.219.250.115;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail1.bemta24.messagelabs.com;PTR:mail1.bemta24.messagelabs.com;CAT:SPOOF;SFS:(9686003)(31686004)(109986005)(3480700007)(5660300002)(4186021)(4270600006)(558084003)(8676002)(956004)(336012)(31696002)(86362001)(7636003)(6666004)(1096003)(26005)(356005)(7596003)(2700400008);DIR:INB;
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: =?windows-1251?Q?FMYsVfRs+dYTju6lKw8jr/YCfKWkPPo76zHCuC285OPpMRVxeUp0lJ97?=
=?windows-1251?Q?op87dLO8mJp+936oYsOWc7k1WGK/BwbWKaom1yDgARdKtPm50eAspox0?=
=?windows-1251?Q?67mI1TV+4dkWVAvdf5UomOg2GzCj4EwBLdqlkll6pnk662FF1FEpeGlW?=
=?windows-1251?Q?y7H3u8PZonlnHWNrz3RwKopoT0NiAvVjPJxO/FRYbi34pyy2JEw5g9XB?=
=?windows-1251?Q?ZQehgjc6HwT6CUNIXqrm10lk9+WSSXwUrg/8XkRg7OrSBt/hn/KC96j1?=
=?windows-1251?Q?EI6Q5HTQofudqNcLhklW0yUjotS6pJ3t0LylvHeIqT4t5CQljQGdUDIF?=
=?windows-1251?Q?ZD44Jh0TReBY097E5ePt6U+E5+/d5TY+YzjkQPpdd9NQq90lzwoXlPpm?=
=?windows-1251?Q?Sig3QQwyKNNbjoFt1LGAyp9UhmQqaqND7OrW8y1Mi3jNYnfa6Ena0knQ?=
=?windows-1251?Q?20jw+0AETTjinWoLSKjyG8YY7ZJcRsjcdv6IeBFfK8RI/9YHXtcac0U1?=
=?windows-1251?Q?YnwVYya6aOdqH4RMKfjhPN72wEfhHwz1OVg/wxNXfuEtVMKbHpJw/9X2?=
=?windows-1251?Q?ga/cnUeziTwB/1HZv7hlS3/YIJtrI6odgCtAID0ui8Yn+aFM5Z126u+8?=
=?windows-1251?Q?+VBO3NSqawj/OTGGH/Ai49a9915RynbBLX9H9CEnouDSYTc8qX+zq6LR?=
=?windows-1251?Q?d/ChN5ofhYHFlSc/RpK3cuaby4H6/5WZQ3M9UOx53NMRURNlU10BqUYv?=
=?windows-1251?Q?KNTUjhRrc8Cb5rnq0ujrXSOJ4Zf6H71gqEw9nny0oL+sWobvwq0K/9Tm?=
=?windows-1251?Q?L+b8vtJwe09uEho/jMcBvQECaamM5zDEdBbPjuHH228uqn/3EreZz0Rl?=
=?windows-1251?Q?Y4CUMv1UtEXg6z5yHFf5Az/S0wYdWJP232WNKzNWsCKqrfYzkGfWi3rj?=
=?windows-1251?Q?k2NjX518xEWpKGH/mrw0E8Y09WRnaGRGe+8Bn8UcN4M1ieobF/tT/Ny8?=
=?windows-1251?Q?JOdwAJxr4XX4yECkQ2Ij3P65h0VneBrT5Rai37zxHm34P9CSVDeV9w44?=
=?windows-1251?Q?Bd1tZ3NN1kXJKldsxt8vSWGjijETJccuQJX4bctNIXQXFrFFQwYfSQcz?=
=?windows-1251?Q?HiSauGQcn4kMjl+XNqIdfFP0H0hI3hu9smrrb60N7x8kFqcz3ZxuItrG?=
=?windows-1251?Q?ufM0zPv+rqS++ytRyfTVw0VOZORHx9Bzbrv1X78F0YfcefVhYFknyJeZ?=
=?windows-1251?Q?/UBNYGsq2MWqFBt2gYhRpqCv+ruKge9Um8dhHYzxwfzdGTvFpzZZpRTi?=
=?windows-1251?Q?D3RXxpWFK+Lo1RYBCHEjTQyfYmWMU4JKO5xyng+2vuft0AFLIiNm4lcC?=
=?windows-1251?Q?aqHSumoh2r/YPgcKKmrOt6K65PxF+nqvRiFu2jXV0ZJGnuFe/P8Ja289?=
=?windows-1251?Q?3EsmJYHGWte0fuG6sxoa10b4PnjSGAU61wZXfarJCZg/sXAf/3ZWPAKH?=
=?windows-1251?Q?+DMU9q3KRz5Mol7yHFWn+RdTI3kLc7YSH3v6GJHkJiu5Ns3CFmd7FUfe?=
=?windows-1251?Q?GRaGhwq+ZyZA5tu2RLvickPE2y8DG8/WlJmictv2gFpL397LeexJXc1A?=
=?windows-1251?Q?ykY4136NUbUBT5wvFKb7J3BoaXPplr/jb0iLnYjiAdQZm7CpeQ+/HoRu?=
=?windows-1251?Q?WI07XlQ4ap5thIMAqwT1Bq+WLTKxRN02f2xzbWTob9xTqUtIVdxLgcZ5?=
=?windows-1251?Q?9Sr2UdmTAiTg32vAS4mhpdUi4zvt/OrU+RGkHvmOP8zZ02uB9+DEbQ3h?=
=?windows-1251?Q?6DQYZwICvda9hJLsPjOa7sVzq7yAOILFDF+jj9yakLFUazeVDAyaG2su?=
=?windows-1251?Q?S4RrATRA2fghu2LFErg05PTfr+b4Enst93UW9rFqVqY9eosw2uRnPQ1Z?=
=?windows-1251?Q?ErAIOk+IWN3NIyqUgCh/f1F7CvcR1+G486CF8dC7RFjwA9Ts40iuVzhQ?=
=?windows-1251?Q?4AlJl8abWEeD0GFvDlmV1AFe14jXKyErXalfmb1I+nSKmkkKNiQSVWM4?=
=?windows-1251?Q?n8Qv5tljV9h7kFKoY7sI1pLO0USezbqK5WjvoToazh/R3mm9/5EUDbsb?=
=?windows-1251?Q?SLw=3D?=
X-ExternalRecipientOutboundConnectors: 7af6c8cb-ea78-42bd-bc80-3345238bb9f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR15MB1588
X-MS-Exchange-Transport-CrossTenantHeadersStripped: CO1NAM04FT011.eop-NAM04.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: CO1NAM04FT011.eop-NAM04.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 85636768-5d98-4b06-b32b-08d8744337e3
X-Forefront-Antispam-Report-Untrusted: CIP:104.47.56.175;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:NAM11-CO1-obe.outbound.protection.outlook.com;PTR:mail-co1nam11lp2175.outbound.protection.outlook.com;CAT:SPM;SFS:(6666004)(3480700007)(5660300002)(7636003)(31686004)(1096003)(4270600006)(336012)(26005)(558084003)(31696002)(8676002)(86362001)(109986005)(9686003)(956004)(2700400008);DIR:INB;
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: =?windows-1251?Q?ie1H/7TnTTWr+5I5WMo2x1GEw0lkdCRxBFSLn/LWjP8zZ6FmTSyGfSgF?=
=?windows-1251?Q?po+rNpQa1YD8a1Rm+M1KJwgceBlW2Wm2P+yno30YDmTR+6PfFu4PTiHx?=
=?windows-1251?Q?tYKfxHJ7OioRMmmJdBtau+LFJtPvhDdVmBWn/tfqCykDWVUK/Y9L7NbB?=
=?windows-1251?Q?yuMZNZ27wOLhBjm7ZNy2XVu8h7k2jiyoFJMtavqUeiLqktw6LdxcCgQL?=
=?windows-1251?Q?A98PEJpgW4bY5XcSHPudeB9ciTc0vPPq81OpJlm6eUgWZAG9QWvpdRoz?=
=?windows-1251?Q?TJw8okS6aWcrLw9GryMPy9LlfqKUOTNqifaOIhYotbcf+oQouj11WkP/?=
=?windows-1251?Q?34+a3BOeMubZ07Za2r/Ll9HUrIa+nxPSDHZ1xXERNND2RI7W/XOu6AiC?=
=?windows-1251?Q?ncYrSpI+KEa5w08d3lxGWL8kKeJnhNxIcIU9LAoYS31BrFNMEhiQesae?=
=?windows-1251?Q?URTvvtI9rpykcSMYW9WRHui5kdu1M7UaFwOEwbMkfSsSJnzfACgnczMN?=
=?windows-1251?Q?t6+qRI1YsjTw3meYDclu6ZKzfxC48BYdG/Lg+NqcnVv63ebI/XLH9jan?=
=?windows-1251?Q?4Ks1joVqlhRKAYBO89WnNqO7wPP/VcD4NxI/UAIZvA2abIYJt/41muIl?=
=?windows-1251?Q?bW+ugp8LkjOdrfit0w3xVYd+/B5nupfXUNCUBd8AVlZpgqYUMuf6RaYG?=
=?windows-1251?Q?ydZIP80UJh6llCCBsUJRaAbbH3GoKOHVwSrSKjm52uLCZERsPy2O7pin?=
=?windows-1251?Q?OLxf4WWsvKni8wB99zSWvBMPu21vBi7e/Jf733gwAPczQ/Ylb0dGgse7?=
=?windows-1251?Q?w7WO3aPzlffA9mfURJIu8XFF7OWqB7S09Dnem8/u1i/SIvYb3X9WwY8J?=
=?windows-1251?Q?Ijx0jOyrEzhVsObEzmaDEF/T7AXLKpe8Nxr64xWxTm0JrWX8GRGF/HYJ?=
=?windows-1251?Q?S7fYSkw25sRBVNDjuR3N8UdoRqTghvZgIkvUHdSNu62S55LasI5AmGh7?=
=?windows-1251?Q?+UwgL6DpXnrycrB/RFHv+X+JYGbeC/NzNCNhX9WMkpBfJKZ8amDdluGj?=
=?windows-1251?Q?BrAThNy66l7UW+X/GFqr8SSaPKpBoHdNRqlW4gNqXAtuzncPAvR1KP7u?=
=?windows-1251?Q?bb60ZLl0DCd4O8rBAazb91bBN4logjsFkE6+sHsX3K2XlXrflskGmrB9?=
=?windows-1251?Q?5OiduolV9MA9EUckyl9Qxg01+pI023GXtz1DEEiAIpvx9mx6jiDL699Y?=
=?windows-1251?Q?hI33Dfy38ZqY/8yHtSVtjtZTtf08dfidW4753TF9xpPNkMDhn0qEuSxO?=
=?windows-1251?Q?vPuthXYfqDt3/jwEibMbopyVruW6ix1mvazHdB6keLiSOIxgLdN9Laed?=
=?windows-1251?Q?3kN5FPBs2XAtVdPo8O+wHoxXh6kIHwaYRQ6sepoKLg6eUMUBovOueHH5?=
=?windows-1251?Q?q83aOkMzb5whO0htXiGyb9R5ZTR5DyoDw+sSdKegtBKKW5JAjH7fi7fk?=
=?windows-1251?Q?ez8eX1RtbzKqUz/YSHod7NoUhiphdKrkyqGB48b232FfKCNoM+eo49a6?=
=?windows-1251?Q?khFzxBMtdOvp6TtDFAMP48VA2rdNIMN67FaenHS9+/OcBycH8OB3rdeG?=
=?windows-1251?Q?ibgVEru3owUEtWYTfk1HKj1SjVXgNqFP5BhXXgxg/pn2KZ1Vv9XHhz5b?=
=?windows-1251?Q?djCn9TGsVRM+NFm1gx8G1rKPPg8Tq1ER?=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR15MB3771
X-MS-Exchange-Transport-CrossTenantHeadersStripped: BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs:
9988837f-29b3-4224-8bce-08d87443390c
X-Forefront-Antispam-Report:
CIP:104.47.58.168;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:NAM11-BN8-obe.outbound.protection.outlook.com;PTR:mail-bn8nam11lp2168.outbound.protection.outlook.com;CAT:SPM;SFS:(6666004)(956004)(336012)(1096003)(5660300002)(9686003)(31696002)(558084003)(31686004)(3480700007)(26005)(109986005)(4270600006)(86362001)(7636003)(8676002)(2700400008);DIR:INB;
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?IfQUTj+ZD/RbtB5PUQVycvdFv8qKG+j5qnagWbFD9Cuc9INBF9thAvmSPJjq?=
=?us-ascii?Q?m2sZBoSWDX1LcmRL1cddd/uHObNTNBgf9ITDZaKb3edCtz1w2ajejKG4j1Cc?=
=?us-ascii?Q?j7SVMqdPe3qzsbdD7JRAuDPwHGBS5JxGGHv3QQJ2+QZoNHTs49B+DIvlwt+v?=
=?us-ascii?Q?oUrWf3hAjj4pP2X0tDbeZ9RGLXDPnqJP/Ww8zZkhgO6kwP+lX/Yi4SM2nKfE?=
=?us-ascii?Q?+IEdnWVvzzIWBoJy9/WKefkuE9l0nw7Pu99+dXgnCh+uK9lcJ6PqGZ7v7NXb?=
=?us-ascii?Q?q88FxwAdRKP7rQdYO9Lh+uFPtnAp+nfxW5SyzvnGhIjT+N7y9yard+xxiVXT?=
=?us-ascii?Q?L6texscQqsCXj0Afj/oQzZ3Inr1ZY/XRBtNEC8bCiDiwZpd2gITCXwQ8ThyQ?=
=?us-ascii?Q?nqUxxfCAL/oVhpoJo2ZGoMeVMWtVCJ4KOVsMsuZNggiuRdMyBFwkmom9KlEN?=
=?us-ascii?Q?J7XKjdrzny+GTuqNuOKIf59gpHm9nutsef+FYAV2puKz6TwBJ+xbtCfFBB4C?=
=?us-ascii?Q?Drx2KS80gsYrVfhb73jGS1R3Xd0oT4rOlDcYennRSWASfW1NS/0scdG/BJtA?=
=?us-ascii?Q?xEsBnvshVTLTbhgMYwpOr6+GzP3G4Dr4MGqATy5s52ta/C5PKEf4oleF4QrB?=
=?us-ascii?Q?cavZ6MNS/1aAPjc3ZIwwEhS3CU7ttFRQm5C/7b0Sts4m+5fPnqH4sZRSx5St?=
=?us-ascii?Q?gPmzjuz0jgXd9kOCKKPANHlg2GH95F6tjaL6J22sc1jzX0HASQ36pqOTM8xz?=
=?us-ascii?Q?9Oqd+OWCcPynO8V8gdfyzTdv0eGL0pJjAyf8QqPxf3LTDImQxIvUaMPPgcnw?=
=?us-ascii?Q?+9xat6Vva/r5rkJT8wDuImw5dlmFwpvwHh5U8Zed8AN9oiisG7Z8I/1gT7Na?=
=?us-ascii?Q?AvrYS2GBUofshxsuhtauB7qHpaQ1AEYKxKkDMkTsp2NhLpfvShj8s1UOPzhr?=
=?us-ascii?Q?4fPO3z/g82066g92CHiUyoDzWjsdo4PwTqlUqN188UdaMgbejePnB0A8vc2s?=
=?us-ascii?Q?z6JIJPDq0mi4tmDANwUR4k5H20EejKUq1t5ff0Jgs2OGcsa80Vp+MGyYDn5G?=
=?us-ascii?Q?KpYCaYaWEdjwv5W0W+EgQHhAuys//nXNh5YPmPwh+ikTdXjcIzi/JxCkF7di?=
=?us-ascii?Q?9fOctCSa3pbY/Ko17whKa7JixTcmcMOnpym78WCHlfH9pa95XO6xR0dLyjSu?=
=?us-ascii?Q?GR7Lrpi7OCa+LXp1g4GtFR4epOgn2u0NY0sx1VP/+s5ap33HjOhV1kg4waSc?=
=?us-ascii?Q?kdd0cgwbomzsuBQrwXDIa7hrhRJQIesD2/1yuD8/t/um9q0H7lhdi5rDLjA2?=
=?us-ascii?Q?cnOebzvHZ5AsKIlr9txAuRSJbYP5cbeRos2DmSs72Lq/wBSLATIUAK3whMBD?=
=?us-ascii?Q?ZiV7SAmVmdGB9OoUguykH86iWiq4hH32ZjzDf5PGR5FBgoMxTuHN7Qeffai/?=
=?us-ascii?Q?j8+X+zsSGZrC6hRUJi+qnqCj5de2pcZib1FSkaiNZXIm820l2I6i7iS2eWJJ?=
=?us-ascii?Q?XF+M1HBDd5oB67QbaBeShAtD63GjjPUeIObot2Iif4KjOAHBIYDdcku7Eype?=
=?us-ascii?Q?nYjXr25IUl/+ME/Phkk3xpcyu+ul3P8NSzYpD6jZ?=
X-OriginatorOrg: houghton.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Oct 2020 15:25:36.8451
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a44430fa-51c1-40f8-3818-08d874433b2f
X-MS-Exchange-CrossTenant-Id: 7af6c8cb-ea78-42bd-bc80-3345238bb9f4
X-MS-Exchange-CrossTenant-AuthSource:
BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR15MB1573
MIME-Version: 1.0
Example 2:
Received: from BN8PR16CA0009.namprd16.prod.outlook.com (2603:10b6:408:4c::22)
by CY4PR15MB1573.namprd15.prod.outlook.com (2603:10b6:903:fc::10) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.27; Mon, 19 Oct
2020 15:25:38 +0000
Received: from BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
(2603:10b6:408:4c:cafe::ce) by BN8PR16CA0009.outlook.office365.com
(2603:10b6:408:4c::22) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.20 via Frontend
Transport; Mon, 19 Oct 2020 15:25:38 +0000
Authentication-Results: spf=pass (sender IP is 104.47.58.168)
smtp.mailfrom=arcticbearinc.com; houghton.edu; dkim=none (message not signed)
header.d=none;houghton.edu; dmarc=pass action=none
header.from=arcticbearinc.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of arcticbearinc.com
designates 104.47.58.168 as permitted sender)
receiver=protection.outlook.com; client-ip=104.47.58.168;
helo=NAM11-BN8-obe.outbound.protection.outlook.com;
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.168)
by BN8NAM04FT059.mail.protection.outlook.com (10.13.160.182) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.3455.27 via Frontend Transport; Mon, 19 Oct 2020 15:25:36 +0000
Received: from CO2PR04CA0064.namprd04.prod.outlook.com (2603:10b6:102:1::32)
by MW3PR15MB3771.namprd15.prod.outlook.com (2603:10b6:303:4f::9) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21; Mon, 19 Oct
2020 15:25:35 +0000
Received: from CO1NAM04FT011.eop-NAM04.prod.protection.outlook.com
(2603:10b6:102:1:cafe::35) by CO2PR04CA0064.outlook.office365.com
(2603:10b6:102:1::32) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21 via Frontend
Transport; Mon, 19 Oct 2020 15:25:35 +0000
Authentication-Results-Original: spf=pass (sender IP is 104.47.56.175)
smtp.mailfrom=arcticbearinc.com; houghton.edu; dkim=none (message not signed)
header.d=none;houghton.edu; dmarc=pass action=none
header.from=arcticbearinc.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of arcticbearinc.com
designates 104.47.56.175 as permitted sender)
receiver=protection.outlook.com; client-ip=104.47.56.175;
helo=NAM11-CO1-obe.outbound.protection.outlook.com;
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.175)
by CO1NAM04FT011.mail.protection.outlook.com (10.152.90.158) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.3455.27 via Frontend Transport; Mon, 19 Oct 2020 15:25:34 +0000
Received: from BN8PR15CA0032.namprd15.prod.outlook.com (2603:10b6:408:c0::45)
by BN6PR15MB1588.namprd15.prod.outlook.com (2603:10b6:404:c7::16) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.27; Mon, 19 Oct
2020 15:25:32 +0000
Received: from BN8NAM04FT049.eop-NAM04.prod.protection.outlook.com
(2603:10b6:408:c0:cafe::2) by BN8PR15CA0032.outlook.office365.com
(2603:10b6:408:c0::45) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.22 via Frontend
Transport; Mon, 19 Oct 2020 15:25:32 +0000
Authentication-Results-Original: spf=fail (sender IP is 67.219.250.115)
smtp.mailfrom=arcticbearinc.com; houghton.edu; dkim=none (message not signed)
header.d=none;houghton.edu; dmarc=fail action=oreject
header.from=arcticbearinc.com;compauth=fail reason=000
Received-SPF: Fail (protection.outlook.com: domain of arcticbearinc.com does
not designate 67.219.250.115 as permitted sender)
receiver=protection.outlook.com; client-ip=67.219.250.115;
helo=mail1.bemta24.messagelabs.com;
Received: from mail1.bemta24.messagelabs.com (67.219.250.115) by
BN8NAM04FT049.mail.protection.outlook.com (10.13.161.125) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.3455.27 via Frontend Transport; Mon, 19 Oct 2020 15:25:31 +0000
Return-Path:
info@arcticbearinc.comReceived: from [100.112.132.75] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits))
by server-4.bemta.az-b.us-west-2.aws.symcld.net id FF/C1-56365-5EFAD8F5; Mon, 19 Oct 2020 15:25:25 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA1WTa0ybZRTHed6+7Vsn1bbM8NJlcenmlbRAdXr
2YQZNFl/JMiCakOEUy+igSltsi4AYKchEEEa3Ebd2XVZuA7mMcpmUOxTGuDNMsyEOCGXAABlg
xnU4fVtkzi+//J9zTs7//+E8bAY/hxCwZfFamVopjRayduEt95ceiqYqssJ8R354FtJ62jHQT
bSzIKWgnoBBuw6HtOxfmNDyexEGtqo6DB6cseCgb73LhLpsKw6OjgR4dC2HgNUiMwPKBlJwMF
VbMHhsHcfA0b7IhJqrPxGQ3l2Pw9DmFQJWDH0EdKbvgbG/5TBlyWFAia4Lh+JcB23avMKAuVs
WAu63lhKwlGVhQdOwBcFg+iyC3I5iHPonaxE0jDJgJL+fCSvTWjAsP8IgeauRAEPLBhOKbPSO
ydUxAu6er8Igr0ePgf7yBoLC0VwcKgYaERhtqxgY5ypxyCi3E/4S6i/dDYwab/iZoAastSyqf
HmWoLru8CjzxiEq3exBLdZssaiG5gGCmh96njo/aULU6oiOSbXp2xCVvLDGoEoe6hmU/lIhEb
QvlClXhqviP2NG5U59EXMBi+/NLSB0aBNloGfYfO5LpL3tCsOpWVwRaey97qp7cPeRoxdrcKf
G6Znbi+uEU3O4PLLbcM9VZ3B9yaH2Jta2fpGsXTC59pBcDnkxbQrf1l7kd6WOf7WEPPP9DLGt
gbzVO4R2ZtqKh3E9cjc+ZWF8ysL4lIUZMUoQhKvlkVFahVQeLfLz9RX5+UlEfm9IRJI3JWLp1
6JwcaxGFCfTaEX0M04j1iQoTkZHiJUybRWijywiJvVPK9L9sSS2IS82JnyB87EpK4z/XLgqIi
FKqokKU8dGyzQ29CqbzU1ezLuDBLhSpZQJSY7hGj3HU8siZfGn5NH02e6Mkmx34W4Ojz5cPkc
TI1Vo5JHbrR70Cbv9dn4eg+0oKaC57OKai+suFlx3srXNyRlTIc26yzT5Lk+BJ+e405PrXBoV
q3xiufNZfkV7BR4c5ObmxnePkakVcu3/+3PIk42EHhxvZzR3uVL7JNkcHRqjQx/OznSG1kr/a
wl02OfKkGjRkfZmZujhE9gxR8Dpx0qmnV3ev99a4n22JQhbTRVe6u6bsHwTXBn36ezbgz4KAz
he+Q2v8fAOqeioTzkxYz8SeGA6v3nQHhSe+FpmX8CDJJ8ew+a80jSjMu/Of+/Lg43ndqXe7HN
H1DtfJdXvSdyyzWfmZH/0Ps57S9CmCvSy8m5WQnCpLSPgA37zwgGLytpp/vFoUmFelpA5Hpp/
cGiYJ/bkb8zb3n25OrS7s0D2LVEWeK8nnhUwVhZ8NOtD7vSKyuJ+SFDZL8vxVPjfOHUhNSRR0
iTFM04KbZLJtXW5cXxoq7qy6/Ti6Cjzqr8PO0CyHnl8/95jZydCqoS4Jkrq9zpDrZH+A+HOtF
OnBAAA
X-Env-Sender:
info@arcticbearinc.comX-Msg-Ref: server-7.tower-340.messagelabs.com!1603121079!244!1
X-Originating-IP: [191.232.240.244]
X-SYMC-ESS-Client-Auth: outbound-route-from=fail
X-StarScan-Received:
X-StarScan-Version: 9.60.3; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 26965 invoked from network); 19 Oct 2020 15:25:24 -0000
Received: from unknown (HELO User) (191.232.240.244)
by server-7.tower-340.messagelabs.com with SMTP; 19 Oct 2020 15:25:24 -0000
Reply-To: <
majidaluttaim@vivaldi.net>
From: "MAJID FUTTAIM"<
info@arcticbearinc.com>
Subject: CAN WE PARTNER TOGETHER
Date: Mon, 19 Oct 2020 23:25:21 +0800
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-CFilter-Loop: Reflected
Message-ID: <
9780a150-8957-4fcc-9116-2291e4430560@BN8NAM04FT049.eop-NAM04.prod.protection.outlook.com>
To: Undisclosed recipients:;
X-EOPAttributedMessage: 2
X-EOPTenantAttributedMessage: 7af6c8cb-ea78-42bd-bc80-3345238bb9f4:2
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a44430fa-51c1-40f8-3818-08d874433b2f
X-MS-TrafficTypeDiagnostic: BN6PR15MB1588:|MW3PR15MB3771:|CY4PR15MB1573:
X-MS-Oob-TLC-OOBClassifiers: OLM:4941;OLM:4941;OLM:4941;
X-Forefront-Antispam-Report-Untrusted: CIP:67.219.250.115;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail1.bemta24.messagelabs.com;PTR:mail1.bemta24.messagelabs.com;CAT:SPOOF;SFS:(9686003)(31686004)(109986005)(3480700007)(5660300002)(4186021)(4270600006)(558084003)(8676002)(956004)(336012)(31696002)(86362001)(7636003)(6666004)(1096003)(26005)(356005)(7596003)(2700400008);DIR:INB;
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: =?windows-1251?Q?FMYsVfRs+dYTju6lKw8jr/YCfKWkPPo76zHCuC285OPpMRVxeUp0lJ97?=
=?windows-1251?Q?op87dLO8mJp+936oYsOWc7k1WGK/BwbWKaom1yDgARdKtPm50eAspox0?=
=?windows-1251?Q?67mI1TV+4dkWVAvdf5UomOg2GzCj4EwBLdqlkll6pnk662FF1FEpeGlW?=
=?windows-1251?Q?y7H3u8PZonlnHWNrz3RwKopoT0NiAvVjPJxO/FRYbi34pyy2JEw5g9XB?=
=?windows-1251?Q?ZQehgjc6HwT6CUNIXqrm10lk9+WSSXwUrg/8XkRg7OrSBt/hn/KC96j1?=
=?windows-1251?Q?EI6Q5HTQofudqNcLhklW0yUjotS6pJ3t0LylvHeIqT4t5CQljQGdUDIF?=
=?windows-1251?Q?ZD44Jh0TReBY097E5ePt6U+E5+/d5TY+YzjkQPpdd9NQq90lzwoXlPpm?=
=?windows-1251?Q?Sig3QQwyKNNbjoFt1LGAyp9UhmQqaqND7OrW8y1Mi3jNYnfa6Ena0knQ?=
=?windows-1251?Q?20jw+0AETTjinWoLSKjyG8YY7ZJcRsjcdv6IeBFfK8RI/9YHXtcac0U1?=
=?windows-1251?Q?YnwVYya6aOdqH4RMKfjhPN72wEfhHwz1OVg/wxNXfuEtVMKbHpJw/9X2?=
=?windows-1251?Q?ga/cnUeziTwB/1HZv7hlS3/YIJtrI6odgCtAID0ui8Yn+aFM5Z126u+8?=
=?windows-1251?Q?+VBO3NSqawj/OTGGH/Ai49a9915RynbBLX9H9CEnouDSYTc8qX+zq6LR?=
=?windows-1251?Q?d/ChN5ofhYHFlSc/RpK3cuaby4H6/5WZQ3M9UOx53NMRURNlU10BqUYv?=
=?windows-1251?Q?KNTUjhRrc8Cb5rnq0ujrXSOJ4Zf6H71gqEw9nny0oL+sWobvwq0K/9Tm?=
=?windows-1251?Q?L+b8vtJwe09uEho/jMcBvQECaamM5zDEdBbPjuHH228uqn/3EreZz0Rl?=
=?windows-1251?Q?Y4CUMv1UtEXg6z5yHFf5Az/S0wYdWJP232WNKzNWsCKqrfYzkGfWi3rj?=
=?windows-1251?Q?k2NjX518xEWpKGH/mrw0E8Y09WRnaGRGe+8Bn8UcN4M1ieobF/tT/Ny8?=
=?windows-1251?Q?JOdwAJxr4XX4yECkQ2Ij3P65h0VneBrT5Rai37zxHm34P9CSVDeV9w44?=
=?windows-1251?Q?Bd1tZ3NN1kXJKldsxt8vSWGjijETJccuQJX4bctNIXQXFrFFQwYfSQcz?=
=?windows-1251?Q?HiSauGQcn4kMjl+XNqIdfFP0H0hI3hu9smrrb60N7x8kFqcz3ZxuItrG?=
=?windows-1251?Q?ufM0zPv+rqS++ytRyfTVw0VOZORHx9Bzbrv1X78F0YfcefVhYFknyJeZ?=
=?windows-1251?Q?/UBNYGsq2MWqFBt2gYhRpqCv+ruKge9Um8dhHYzxwfzdGTvFpzZZpRTi?=
=?windows-1251?Q?D3RXxpWFK+Lo1RYBCHEjTQyfYmWMU4JKO5xyng+2vuft0AFLIiNm4lcC?=
=?windows-1251?Q?aqHSumoh2r/YPgcKKmrOt6K65PxF+nqvRiFu2jXV0ZJGnuFe/P8Ja289?=
=?windows-1251?Q?3EsmJYHGWte0fuG6sxoa10b4PnjSGAU61wZXfarJCZg/sXAf/3ZWPAKH?=
=?windows-1251?Q?+DMU9q3KRz5Mol7yHFWn+RdTI3kLc7YSH3v6GJHkJiu5Ns3CFmd7FUfe?=
=?windows-1251?Q?GRaGhwq+ZyZA5tu2RLvickPE2y8DG8/WlJmictv2gFpL397LeexJXc1A?=
=?windows-1251?Q?ykY4136NUbUBT5wvFKb7J3BoaXPplr/jb0iLnYjiAdQZm7CpeQ+/HoRu?=
=?windows-1251?Q?WI07XlQ4ap5thIMAqwT1Bq+WLTKxRN02f2xzbWTob9xTqUtIVdxLgcZ5?=
=?windows-1251?Q?9Sr2UdmTAiTg32vAS4mhpdUi4zvt/OrU+RGkHvmOP8zZ02uB9+DEbQ3h?=
=?windows-1251?Q?6DQYZwICvda9hJLsPjOa7sVzq7yAOILFDF+jj9yakLFUazeVDAyaG2su?=
=?windows-1251?Q?S4RrATRA2fghu2LFErg05PTfr+b4Enst93UW9rFqVqY9eosw2uRnPQ1Z?=
=?windows-1251?Q?ErAIOk+IWN3NIyqUgCh/f1F7CvcR1+G486CF8dC7RFjwA9Ts40iuVzhQ?=
=?windows-1251?Q?4AlJl8abWEeD0GFvDlmV1AFe14jXKyErXalfmb1I+nSKmkkKNiQSVWM4?=
=?windows-1251?Q?n8Qv5tljV9h7kFKoY7sI1pLO0USezbqK5WjvoToazh/R3mm9/5EUDbsb?=
=?windows-1251?Q?SLw=3D?=
X-ExternalRecipientOutboundConnectors: 7af6c8cb-ea78-42bd-bc80-3345238bb9f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR15MB1588
X-MS-Exchange-Transport-CrossTenantHeadersStripped: CO1NAM04FT011.eop-NAM04.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: CO1NAM04FT011.eop-NAM04.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 85636768-5d98-4b06-b32b-08d8744337e3
X-Forefront-Antispam-Report-Untrusted: CIP:104.47.56.175;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:NAM11-CO1-obe.outbound.protection.outlook.com;PTR:mail-co1nam11lp2175.outbound.protection.outlook.com;CAT:SPM;SFS:(6666004)(3480700007)(5660300002)(7636003)(31686004)(1096003)(4270600006)(336012)(26005)(558084003)(31696002)(8676002)(86362001)(109986005)(9686003)(956004)(2700400008);DIR:INB;
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: =?windows-1251?Q?ie1H/7TnTTWr+5I5WMo2x1GEw0lkdCRxBFSLn/LWjP8zZ6FmTSyGfSgF?=
=?windows-1251?Q?po+rNpQa1YD8a1Rm+M1KJwgceBlW2Wm2P+yno30YDmTR+6PfFu4PTiHx?=
=?windows-1251?Q?tYKfxHJ7OioRMmmJdBtau+LFJtPvhDdVmBWn/tfqCykDWVUK/Y9L7NbB?=
=?windows-1251?Q?yuMZNZ27wOLhBjm7ZNy2XVu8h7k2jiyoFJMtavqUeiLqktw6LdxcCgQL?=
=?windows-1251?Q?A98PEJpgW4bY5XcSHPudeB9ciTc0vPPq81OpJlm6eUgWZAG9QWvpdRoz?=
=?windows-1251?Q?TJw8okS6aWcrLw9GryMPy9LlfqKUOTNqifaOIhYotbcf+oQouj11WkP/?=
=?windows-1251?Q?34+a3BOeMubZ07Za2r/Ll9HUrIa+nxPSDHZ1xXERNND2RI7W/XOu6AiC?=
=?windows-1251?Q?ncYrSpI+KEa5w08d3lxGWL8kKeJnhNxIcIU9LAoYS31BrFNMEhiQesae?=
=?windows-1251?Q?URTvvtI9rpykcSMYW9WRHui5kdu1M7UaFwOEwbMkfSsSJnzfACgnczMN?=
=?windows-1251?Q?t6+qRI1YsjTw3meYDclu6ZKzfxC48BYdG/Lg+NqcnVv63ebI/XLH9jan?=
=?windows-1251?Q?4Ks1joVqlhRKAYBO89WnNqO7wPP/VcD4NxI/UAIZvA2abIYJt/41muIl?=
=?windows-1251?Q?bW+ugp8LkjOdrfit0w3xVYd+/B5nupfXUNCUBd8AVlZpgqYUMuf6RaYG?=
=?windows-1251?Q?ydZIP80UJh6llCCBsUJRaAbbH3GoKOHVwSrSKjm52uLCZERsPy2O7pin?=
=?windows-1251?Q?OLxf4WWsvKni8wB99zSWvBMPu21vBi7e/Jf733gwAPczQ/Ylb0dGgse7?=
=?windows-1251?Q?w7WO3aPzlffA9mfURJIu8XFF7OWqB7S09Dnem8/u1i/SIvYb3X9WwY8J?=
=?windows-1251?Q?Ijx0jOyrEzhVsObEzmaDEF/T7AXLKpe8Nxr64xWxTm0JrWX8GRGF/HYJ?=
=?windows-1251?Q?S7fYSkw25sRBVNDjuR3N8UdoRqTghvZgIkvUHdSNu62S55LasI5AmGh7?=
=?windows-1251?Q?+UwgL6DpXnrycrB/RFHv+X+JYGbeC/NzNCNhX9WMkpBfJKZ8amDdluGj?=
=?windows-1251?Q?BrAThNy66l7UW+X/GFqr8SSaPKpBoHdNRqlW4gNqXAtuzncPAvR1KP7u?=
=?windows-1251?Q?bb60ZLl0DCd4O8rBAazb91bBN4logjsFkE6+sHsX3K2XlXrflskGmrB9?=
=?windows-1251?Q?5OiduolV9MA9EUckyl9Qxg01+pI023GXtz1DEEiAIpvx9mx6jiDL699Y?=
=?windows-1251?Q?hI33Dfy38ZqY/8yHtSVtjtZTtf08dfidW4753TF9xpPNkMDhn0qEuSxO?=
=?windows-1251?Q?vPuthXYfqDt3/jwEibMbopyVruW6ix1mvazHdB6keLiSOIxgLdN9Laed?=
=?windows-1251?Q?3kN5FPBs2XAtVdPo8O+wHoxXh6kIHwaYRQ6sepoKLg6eUMUBovOueHH5?=
=?windows-1251?Q?q83aOkMzb5whO0htXiGyb9R5ZTR5DyoDw+sSdKegtBKKW5JAjH7fi7fk?=
=?windows-1251?Q?ez8eX1RtbzKqUz/YSHod7NoUhiphdKrkyqGB48b232FfKCNoM+eo49a6?=
=?windows-1251?Q?khFzxBMtdOvp6TtDFAMP48VA2rdNIMN67FaenHS9+/OcBycH8OB3rdeG?=
=?windows-1251?Q?ibgVEru3owUEtWYTfk1HKj1SjVXgNqFP5BhXXgxg/pn2KZ1Vv9XHhz5b?=
=?windows-1251?Q?djCn9TGsVRM+NFm1gx8G1rKPPg8Tq1ER?=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR15MB3771
X-MS-Exchange-Transport-CrossTenantHeadersStripped: BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs:
9988837f-29b3-4224-8bce-08d87443390c
X-Forefront-Antispam-Report:
CIP:104.47.58.168;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:NAM11-BN8-obe.outbound.protection.outlook.com;PTR:mail-bn8nam11lp2168.outbound.protection.outlook.com;CAT:SPM;SFS:(6666004)(956004)(336012)(1096003)(5660300002)(9686003)(31696002)(558084003)(31686004)(3480700007)(26005)(109986005)(4270600006)(86362001)(7636003)(8676002)(2700400008);DIR:INB;
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?IfQUTj+ZD/RbtB5PUQVycvdFv8qKG+j5qnagWbFD9Cuc9INBF9thAvmSPJjq?=
=?us-ascii?Q?m2sZBoSWDX1LcmRL1cddd/uHObNTNBgf9ITDZaKb3edCtz1w2ajejKG4j1Cc?=
=?us-ascii?Q?j7SVMqdPe3qzsbdD7JRAuDPwHGBS5JxGGHv3QQJ2+QZoNHTs49B+DIvlwt+v?=
=?us-ascii?Q?oUrWf3hAjj4pP2X0tDbeZ9RGLXDPnqJP/Ww8zZkhgO6kwP+lX/Yi4SM2nKfE?=
=?us-ascii?Q?+IEdnWVvzzIWBoJy9/WKefkuE9l0nw7Pu99+dXgnCh+uK9lcJ6PqGZ7v7NXb?=
=?us-ascii?Q?q88FxwAdRKP7rQdYO9Lh+uFPtnAp+nfxW5SyzvnGhIjT+N7y9yard+xxiVXT?=
=?us-ascii?Q?L6texscQqsCXj0Afj/oQzZ3Inr1ZY/XRBtNEC8bCiDiwZpd2gITCXwQ8ThyQ?=
=?us-ascii?Q?nqUxxfCAL/oVhpoJo2ZGoMeVMWtVCJ4KOVsMsuZNggiuRdMyBFwkmom9KlEN?=
=?us-ascii?Q?J7XKjdrzny+GTuqNuOKIf59gpHm9nutsef+FYAV2puKz6TwBJ+xbtCfFBB4C?=
=?us-ascii?Q?Drx2KS80gsYrVfhb73jGS1R3Xd0oT4rOlDcYennRSWASfW1NS/0scdG/BJtA?=
=?us-ascii?Q?xEsBnvshVTLTbhgMYwpOr6+GzP3G4Dr4MGqATy5s52ta/C5PKEf4oleF4QrB?=
=?us-ascii?Q?cavZ6MNS/1aAPjc3ZIwwEhS3CU7ttFRQm5C/7b0Sts4m+5fPnqH4sZRSx5St?=
=?us-ascii?Q?gPmzjuz0jgXd9kOCKKPANHlg2GH95F6tjaL6J22sc1jzX0HASQ36pqOTM8xz?=
=?us-ascii?Q?9Oqd+OWCcPynO8V8gdfyzTdv0eGL0pJjAyf8QqPxf3LTDImQxIvUaMPPgcnw?=
=?us-ascii?Q?+9xat6Vva/r5rkJT8wDuImw5dlmFwpvwHh5U8Zed8AN9oiisG7Z8I/1gT7Na?=
=?us-ascii?Q?AvrYS2GBUofshxsuhtauB7qHpaQ1AEYKxKkDMkTsp2NhLpfvShj8s1UOPzhr?=
=?us-ascii?Q?4fPO3z/g82066g92CHiUyoDzWjsdo4PwTqlUqN188UdaMgbejePnB0A8vc2s?=
=?us-ascii?Q?z6JIJPDq0mi4tmDANwUR4k5H20EejKUq1t5ff0Jgs2OGcsa80Vp+MGyYDn5G?=
=?us-ascii?Q?KpYCaYaWEdjwv5W0W+EgQHhAuys//nXNh5YPmPwh+ikTdXjcIzi/JxCkF7di?=
=?us-ascii?Q?9fOctCSa3pbY/Ko17whKa7JixTcmcMOnpym78WCHlfH9pa95XO6xR0dLyjSu?=
=?us-ascii?Q?GR7Lrpi7OCa+LXp1g4GtFR4epOgn2u0NY0sx1VP/+s5ap33HjOhV1kg4waSc?=
=?us-ascii?Q?kdd0cgwbomzsuBQrwXDIa7hrhRJQIesD2/1yuD8/t/um9q0H7lhdi5rDLjA2?=
=?us-ascii?Q?cnOebzvHZ5AsKIlr9txAuRSJbYP5cbeRos2DmSs72Lq/wBSLATIUAK3whMBD?=
=?us-ascii?Q?ZiV7SAmVmdGB9OoUguykH86iWiq4hH32ZjzDf5PGR5FBgoMxTuHN7Qeffai/?=
=?us-ascii?Q?j8+X+zsSGZrC6hRUJi+qnqCj5de2pcZib1FSkaiNZXIm820l2I6i7iS2eWJJ?=
=?us-ascii?Q?XF+M1HBDd5oB67QbaBeShAtD63GjjPUeIObot2Iif4KjOAHBIYDdcku7Eype?=
=?us-ascii?Q?nYjXr25IUl/+ME/Phkk3xpcyu+ul3P8NSzYpD6jZ?=
X-OriginatorOrg: houghton.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Oct 2020 15:25:36.8451
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a44430fa-51c1-40f8-3818-08d874433b2f
X-MS-Exchange-CrossTenant-Id: 7af6c8cb-ea78-42bd-bc80-3345238bb9f4
X-MS-Exchange-CrossTenant-AuthSource:
BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR15MB1573
MIME-Version: 1.0
Original Message:
Sent: 10-20-2020 10:31 AM
From: Paul Kopalek
Subject: one of our domains is being email bombed by messagelabs daily
John,
The only thing clear about the sender is that they are relaying emails through multiple hosts from multiple places - but virtually all of them have the first hop in the header as something.something.messagelabs.com.
Your customer in this case either IS the malicious actor or one of your customers is compromised. I have no insight into who the sender is other than the Reply-To address that they put in from various domains.
The only way we are seeing these is because we are getting the NDRs, since the 'From' address they are listing is one of our customers. Here is a sample from pasting one of these headers into Azure's MHA:
unknown (HELO User) (191.232.240.244) | server-7.tower-340.messagelabs.com | 10/19/2020 11:25:24 AM | | SMTP |
It then relays from 100.112.132.75 to server-4.bemta.az-b.us-west-2.aws.symcld.net (which looks like mail1.bemta24.messagelabs.com)
This is one of thousands of hourly messages that have been sent out constantly - and a great many are sourcing from that 191.232.240.244 IP.
The From address is spoofed, and the spoofed party has DKIM, SPF, and DMARC properly set up (to reject) - but as they are getting the NDRs of the spoofed messages, we see these original messages attached.
Someone is very clearly relaying the spoofed messages through several of the messagelabs.com servers, and I can't find any help for it, since I am not a customer. And we don't know which customer is either compromised or doing malicious activity themselves.
Paul K
P.S. I have already notified Microsoft of the malicious actor's use of an Azure IP address to initiate all of these spoofed emails, by the way, since 191.232.240.244 seems to be within Azure.
Original Message:
Sent: 10-20-2020 10:25 AM
From: John Fink
Subject: one of our domains is being email bombed by messagelabs daily
Hello Paul;
The first step would be to notify the sender of the messages. It is possible they have been compromised and have a rouge program sending the messages.This would allow them to investigate and attempt to remedy the situation. It may be possible the recipients were signed up for newsletters and the sender could remove them from the list they are using.
Our customer ( the sender) would be able to open a case with us for investigation as well as provide details needed to assist in the matter.
Best Regards,
John F.
Broadcom
Original Message:
Sent: 10-19-2020 02:36 PM
From: Paul Kopalek
Subject: one of our domains is being email bombed by messagelabs daily
Has anyone else figured out a way to contact support about this?
This is happening to one of our domains as well, and it's pretty clearly a malicious actor from a Brazilian Azure IP address. They are spoofing thousands of emails per hour, and they're all flying through server-11.tower-320.messagelabs.com
The Broadcom Support person directed me to these forums for help, but it's not clear that there's any help to be had...
Don't they want to know about abuse of their systems??!
Original Message:
Sent: 01-30-2019 04:17 AM
From: Craig V
Subject: one of our domains is being email bombed by messagelabs daily
Well, if you're not willing to pay, then you have a problem. If this is from a customer on the Messagelabs platform that's mass-mailing you, without a logged call they cannot assist.