Email Security.cloud

  • 1.  one of our domains is being email bombed by messagelabs daily

    Posted 01-28-2019 01:01 PM

    For the last week daily from 4PM-5PM PST our mail server has been bombed by 10-15K emails, all being sent from messagelabs.com mail servers, namely mail2.bemta23.messagelabs.com and mail2.bemta24.messagelabs.com. We have attempted to contact messagelabs to resolve this but cannot make our way through Symantec support to contact messagelabs (thry claim we can't talk to messagelabs unless we purchase a support contract). Does anybody know how we can contact them to stop the daily email attacks their servers are subjecting us to?

    2019-01-27 17:10:12
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta23.messagelabs.com[67.219.246.218]
     
     
    2019-01-27 17:10:11
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta23.messagelabs.com[67.219.246.217]
     
     
    2019-01-27 17:10:11
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta24.messagelabs.com[67.219.250.220]
     
     
    2019-01-27 17:10:11
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta23.messagelabs.com[67.219.246.217]
     
     
    2019-01-27 17:10:11
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta23.messagelabs.com[67.219.246.121]
     
     
    2019-01-27 17:10:11
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta24.messagelabs.com[67.219.250.122]
     
     
    2019-01-27 17:10:11
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta24.messagelabs.com[67.219.250.122]
     
     
    2019-01-27 17:10:10
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta23.messagelabs.com[67.219.246.9]
     
     
    2019-01-27 17:10:10
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta23.messagelabs.com[67.219.246.9]
     
     
    2019-01-27 17:10:10
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta23.messagelabs.com[67.219.246.9]
     
     
    2019-01-27 17:10:10
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta24.messagelabs.com[67.219.250.120]
     
     
    2019-01-27 17:10:09
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta23.messagelabs.com[67.219.246.216]
     
     
    2019-01-27 17:10:09
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta23.messagelabs.com[67.219.246.216]
     
     
    2019-01-27 17:10:09
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta23.messagelabs.com[67.219.246.216]
     
     
    2019-01-27 17:10:08
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta24.messagelabs.com[67.219.250.14]
     
     
    2019-01-27 17:10:08
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta24.messagelabs.com[67.219.250.124]
     
     
    2019-01-27 17:10:08
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta24.messagelabs.com[67.219.250.14]
     
     
    2019-01-27 17:10:08
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta24.messagelabs.com[67.219.250.124]
     
     
    2019-01-27 17:10:07
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta24.messagelabs.com[67.219.250.217]
     
     
    2019-01-27 17:10:07
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta24.messagelabs.com[67.219.250.217]
     
     
    2019-01-27 17:10:07
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta24.messagelabs.com[67.219.250.217]
     
     
    2019-01-27 17:10:07
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta24.messagelabs.com[67.219.250.217]
     
     
    2019-01-27 17:10:07
     
     
     
    Blocked
    Invalid Domain
     
    mail2.bemta24.messagelabs.com[67.219.250.217]
     
     
    2019-01-27 17:10:07
     
     
     
    Blocked
    Invalid Domain
     
    mail

     

     



  • 2.  RE: one of our domains is being email bombed by messagelabs daily

    Posted 01-29-2019 03:34 AM
    If you don't have a support contract in place, they won't help you. It's like this for numerous software companies. Best bet is to see if you can get your maintenance updated, or see if you can pay for a support case. Thanks!


  • 3.  RE: one of our domains is being email bombed by messagelabs daily

    Posted 01-29-2019 07:00 AM

    Pay to stop them from mail bombing our server? 15K+ plus emails per hour is a DOS attack!



  • 4.  RE: one of our domains is being email bombed by messagelabs daily

    Posted 01-29-2019 07:53 AM

    You're not a Symantec customer, correct? If not, don't expect to get any help on this. 



  • 5.  RE: one of our domains is being email bombed by messagelabs daily

    Posted 01-30-2019 04:17 AM

    Well, if you're not willing to pay, then you have a problem. If this is from a customer on the Messagelabs platform that's mass-mailing you, without a logged call they cannot assist.



  • 6.  RE: one of our domains is being email bombed by messagelabs daily

    Posted 10-19-2020 05:17 PM

    Has anyone else figured out a way to contact support about this?

    This is happening to one of our domains as well, and it's pretty clearly a malicious actor from a Brazilian Azure IP address. They are spoofing thousands of emails per hour, and they're all flying through server-11.tower-320.messagelabs.com

    The Broadcom Support person directed me to these forums for help, but it's not clear that there's any help to be had...

    Don't they want to know about abuse of their systems??!




  • 7.  RE: one of our domains is being email bombed by messagelabs daily

    Broadcom Employee
    Posted 10-20-2020 10:25 AM
    Hello Paul;

    The first step would be to notify the sender of the messages.  It is possible they have been compromised and have a rouge program sending the messages.This would allow them to investigate and attempt to remedy the situation.  It may be possible the recipients were signed up for newsletters and the sender could remove them from the list they are using.
    Our customer ( the sender) would be able to open a case with us for investigation as well as provide details needed to assist in the matter.

    Best Regards,
    John F.
    Broadcom


  • 8.  RE: one of our domains is being email bombed by messagelabs daily

    Posted 10-20-2020 10:32 AM
    Edited by Paul Kopalek 10-20-2020 10:33 AM

    John,

    The only thing clear about the sender is that they are relaying emails through multiple hosts from multiple places - but virtually all of them have the first hop in the header as something.something.messagelabs.com.

    Your customer in this case either IS the malicious actor or one of your customers is compromised. I have no insight into who the sender is other than the Reply-To address that they put in from various domains.

    The only way we are seeing these is because we are getting the NDRs, since the 'From' address they are listing is one of our customers. Here is a sample from pasting one of these headers into Azure's MHA:

    unknown (HELO User) (191.232.240.244) server-7.tower-340.messagelabs.com 10/19/2020 11:25:24 AM
    SMTP


    It then relays from 100.112.132.75 to server-4.bemta.az-b.us-west-2.aws.symcld.net (which looks like mail1.bemta24.messagelabs.com)

    This is one of thousands of hourly messages that have been sent out constantly - and a great many are sourcing from that 191.232.240.244 IP.

    The From address is spoofed, and the spoofed party has DKIM, SPF, and DMARC properly set up (to reject) - but as they are getting the NDRs of the spoofed messages, we see these original messages attached.

    Someone is very clearly relaying the spoofed messages through several of the messagelabs.com servers, and I can't find any help for it, since I am not a customer. And we don't know which customer is either compromised or doing malicious activity themselves.

    Paul K

    P.S. I have already notified Microsoft of the malicious actor's use of an Azure IP address to initiate all of these spoofed emails, by the way, since 191.232.240.244 seems to be within Azure.




  • 9.  RE: one of our domains is being email bombed by messagelabs daily

    Posted 10-20-2020 12:14 PM
    Here are some sample headers:

    Example 1:

    Received: from BN8PR16CA0009.namprd16.prod.outlook.com (2603:10b6:408:4c::22)
    by CY4PR15MB1573.namprd15.prod.outlook.com (2603:10b6:903:fc::10) with
    Microsoft SMTP Server (version=TLS1_2,
    cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.27; Mon, 19 Oct
    2020 15:25:38 +0000
    Received: from BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
    (2603:10b6:408:4c:cafe::ce) by BN8PR16CA0009.outlook.office365.com
    (2603:10b6:408:4c::22) with Microsoft SMTP Server (version=TLS1_2,
    cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.20 via Frontend
    Transport; Mon, 19 Oct 2020 15:25:38 +0000
    Authentication-Results: spf=pass (sender IP is 104.47.58.168)
    smtp.mailfrom=arcticbearinc.com; houghton.edu; dkim=none (message not signed)
    header.d=none;houghton.edu; dmarc=pass action=none
    header.from=arcticbearinc.com;compauth=pass reason=100
    Received-SPF: Pass (protection.outlook.com: domain of arcticbearinc.com
    designates 104.47.58.168 as permitted sender)
    receiver=protection.outlook.com; client-ip=104.47.58.168;
    helo=NAM11-BN8-obe.outbound.protection.outlook.com;
    Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.168)
    by BN8NAM04FT059.mail.protection.outlook.com (10.13.160.182) with Microsoft
    SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
    15.20.3455.27 via Frontend Transport; Mon, 19 Oct 2020 15:25:36 +0000
    Received: from CO2PR04CA0064.namprd04.prod.outlook.com (2603:10b6:102:1::32)
    by MW3PR15MB3771.namprd15.prod.outlook.com (2603:10b6:303:4f::9) with
    Microsoft SMTP Server (version=TLS1_2,
    cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21; Mon, 19 Oct
    2020 15:25:35 +0000
    Received: from CO1NAM04FT011.eop-NAM04.prod.protection.outlook.com
    (2603:10b6:102:1:cafe::35) by CO2PR04CA0064.outlook.office365.com
    (2603:10b6:102:1::32) with Microsoft SMTP Server (version=TLS1_2,
    cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21 via Frontend
    Transport; Mon, 19 Oct 2020 15:25:35 +0000
    Authentication-Results-Original: spf=pass (sender IP is 104.47.56.175)
    smtp.mailfrom=arcticbearinc.com; houghton.edu; dkim=none (message not signed)
    header.d=none;houghton.edu; dmarc=pass action=none
    header.from=arcticbearinc.com;compauth=pass reason=100
    Received-SPF: Pass (protection.outlook.com: domain of arcticbearinc.com
    designates 104.47.56.175 as permitted sender)
    receiver=protection.outlook.com; client-ip=104.47.56.175;
    helo=NAM11-CO1-obe.outbound.protection.outlook.com;
    Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.175)
    by CO1NAM04FT011.mail.protection.outlook.com (10.152.90.158) with Microsoft
    SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
    15.20.3455.27 via Frontend Transport; Mon, 19 Oct 2020 15:25:34 +0000
    Received: from BN8PR15CA0032.namprd15.prod.outlook.com (2603:10b6:408:c0::45)
    by BN6PR15MB1588.namprd15.prod.outlook.com (2603:10b6:404:c7::16) with
    Microsoft SMTP Server (version=TLS1_2,
    cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.27; Mon, 19 Oct
    2020 15:25:32 +0000
    Received: from BN8NAM04FT049.eop-NAM04.prod.protection.outlook.com
    (2603:10b6:408:c0:cafe::2) by BN8PR15CA0032.outlook.office365.com
    (2603:10b6:408:c0::45) with Microsoft SMTP Server (version=TLS1_2,
    cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.22 via Frontend
    Transport; Mon, 19 Oct 2020 15:25:32 +0000
    Authentication-Results-Original: spf=fail (sender IP is 67.219.250.115)
    smtp.mailfrom=arcticbearinc.com; houghton.edu; dkim=none (message not signed)
    header.d=none;houghton.edu; dmarc=fail action=oreject
    header.from=arcticbearinc.com;compauth=fail reason=000
    Received-SPF: Fail (protection.outlook.com: domain of arcticbearinc.com does
    not designate 67.219.250.115 as permitted sender)
    receiver=protection.outlook.com; client-ip=67.219.250.115;
    helo=mail1.bemta24.messagelabs.com;
    Received: from mail1.bemta24.messagelabs.com (67.219.250.115) by
    BN8NAM04FT049.mail.protection.outlook.com (10.13.161.125) with Microsoft SMTP
    Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
    15.20.3455.27 via Frontend Transport; Mon, 19 Oct 2020 15:25:31 +0000
    Return-Path: info@arcticbearinc.com
    Received: from [100.112.132.75] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits))
    by server-4.bemta.az-b.us-west-2.aws.symcld.net id FF/C1-56365-5EFAD8F5; Mon, 19 Oct 2020 15:25:25 +0000
    X-Brightmail-Tracker: H4sIAAAAAAAAA1WTa0ybZRTHed6+7Vsn1bbM8NJlcenmlbRAdXr
    2YQZNFl/JMiCakOEUy+igSltsi4AYKchEEEa3Ebd2XVZuA7mMcpmUOxTGuDNMsyEOCGXAABlg
    xnU4fVtkzi+//J9zTs7//+E8bAY/hxCwZfFamVopjRayduEt95ceiqYqssJ8R354FtJ62jHQT
    bSzIKWgnoBBuw6HtOxfmNDyexEGtqo6DB6cseCgb73LhLpsKw6OjgR4dC2HgNUiMwPKBlJwMF
    VbMHhsHcfA0b7IhJqrPxGQ3l2Pw9DmFQJWDH0EdKbvgbG/5TBlyWFAia4Lh+JcB23avMKAuVs
    WAu63lhKwlGVhQdOwBcFg+iyC3I5iHPonaxE0jDJgJL+fCSvTWjAsP8IgeauRAEPLBhOKbPSO
    ydUxAu6er8Igr0ePgf7yBoLC0VwcKgYaERhtqxgY5ypxyCi3E/4S6i/dDYwab/iZoAastSyqf
    HmWoLru8CjzxiEq3exBLdZssaiG5gGCmh96njo/aULU6oiOSbXp2xCVvLDGoEoe6hmU/lIhEb
    QvlClXhqviP2NG5U59EXMBi+/NLSB0aBNloGfYfO5LpL3tCsOpWVwRaey97qp7cPeRoxdrcKf
    G6Znbi+uEU3O4PLLbcM9VZ3B9yaH2Jta2fpGsXTC59pBcDnkxbQrf1l7kd6WOf7WEPPP9DLGt
    gbzVO4R2ZtqKh3E9cjc+ZWF8ysL4lIUZMUoQhKvlkVFahVQeLfLz9RX5+UlEfm9IRJI3JWLp1
    6JwcaxGFCfTaEX0M04j1iQoTkZHiJUybRWijywiJvVPK9L9sSS2IS82JnyB87EpK4z/XLgqIi
    FKqokKU8dGyzQ29CqbzU1ezLuDBLhSpZQJSY7hGj3HU8siZfGn5NH02e6Mkmx34W4Ojz5cPkc
    TI1Vo5JHbrR70Cbv9dn4eg+0oKaC57OKai+suFlx3srXNyRlTIc26yzT5Lk+BJ+e405PrXBoV
    q3xiufNZfkV7BR4c5ObmxnePkakVcu3/+3PIk42EHhxvZzR3uVL7JNkcHRqjQx/OznSG1kr/a
    wl02OfKkGjRkfZmZujhE9gxR8Dpx0qmnV3ev99a4n22JQhbTRVe6u6bsHwTXBn36ezbgz4KAz
    he+Q2v8fAOqeioTzkxYz8SeGA6v3nQHhSe+FpmX8CDJJ8ew+a80jSjMu/Of+/Lg43ndqXe7HN
    H1DtfJdXvSdyyzWfmZH/0Ps57S9CmCvSy8m5WQnCpLSPgA37zwgGLytpp/vFoUmFelpA5Hpp/
    cGiYJ/bkb8zb3n25OrS7s0D2LVEWeK8nnhUwVhZ8NOtD7vSKyuJ+SFDZL8vxVPjfOHUhNSRR0
    iTFM04KbZLJtXW5cXxoq7qy6/Ti6Cjzqr8PO0CyHnl8/95jZydCqoS4Jkrq9zpDrZH+A+HOtF
    OnBAAA
    X-Env-Sender: info@arcticbearinc.com
    X-Msg-Ref: server-7.tower-340.messagelabs.com!1603121079!244!1
    X-Originating-IP: [191.232.240.244]
    X-SYMC-ESS-Client-Auth: outbound-route-from=fail
    X-StarScan-Received:
    X-StarScan-Version: 9.60.3; banners=-,-,-
    X-VirusChecked: Checked
    Received: (qmail 26965 invoked from network); 19 Oct 2020 15:25:24 -0000
    Received: from unknown (HELO User) (191.232.240.244)
    by server-7.tower-340.messagelabs.com with SMTP; 19 Oct 2020 15:25:24 -0000
    Reply-To: <majidaluttaim@vivaldi.net>
    From: "MAJID FUTTAIM"<info@arcticbearinc.com>
    Subject: CAN WE PARTNER TOGETHER
    Date: Mon, 19 Oct 2020 23:25:21 +0800
    Content-Type: text/html;
    charset="Windows-1251"
    Content-Transfer-Encoding: 7bit
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
    X-CFilter-Loop: Reflected
    Message-ID: <9780a150-8957-4fcc-9116-2291e4430560@BN8NAM04FT049.eop-NAM04.prod.protection.outlook.com>
    To: Undisclosed recipients:;
    X-EOPAttributedMessage: 2
    X-EOPTenantAttributedMessage: 7af6c8cb-ea78-42bd-bc80-3345238bb9f4:2
    X-MS-PublicTrafficType: Email
    X-MS-Office365-Filtering-Correlation-Id: a44430fa-51c1-40f8-3818-08d874433b2f
    X-MS-TrafficTypeDiagnostic: BN6PR15MB1588:|MW3PR15MB3771:|CY4PR15MB1573:
    X-MS-Oob-TLC-OOBClassifiers: OLM:4941;OLM:4941;OLM:4941;
    X-Forefront-Antispam-Report-Untrusted: CIP:67.219.250.115;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail1.bemta24.messagelabs.com;PTR:mail1.bemta24.messagelabs.com;CAT:SPOOF;SFS:(9686003)(31686004)(109986005)(3480700007)(5660300002)(4186021)(4270600006)(558084003)(8676002)(956004)(336012)(31696002)(86362001)(7636003)(6666004)(1096003)(26005)(356005)(7596003)(2700400008);DIR:INB;
    X-Microsoft-Antispam-Untrusted: BCL:0;
    X-Microsoft-Antispam-Message-Info-Original: =?windows-1251?Q?FMYsVfRs+dYTju6lKw8jr/YCfKWkPPo76zHCuC285OPpMRVxeUp0lJ97?=
    =?windows-1251?Q?op87dLO8mJp+936oYsOWc7k1WGK/BwbWKaom1yDgARdKtPm50eAspox0?=
    =?windows-1251?Q?67mI1TV+4dkWVAvdf5UomOg2GzCj4EwBLdqlkll6pnk662FF1FEpeGlW?=
    =?windows-1251?Q?y7H3u8PZonlnHWNrz3RwKopoT0NiAvVjPJxO/FRYbi34pyy2JEw5g9XB?=
    =?windows-1251?Q?ZQehgjc6HwT6CUNIXqrm10lk9+WSSXwUrg/8XkRg7OrSBt/hn/KC96j1?=
    =?windows-1251?Q?EI6Q5HTQofudqNcLhklW0yUjotS6pJ3t0LylvHeIqT4t5CQljQGdUDIF?=
    =?windows-1251?Q?ZD44Jh0TReBY097E5ePt6U+E5+/d5TY+YzjkQPpdd9NQq90lzwoXlPpm?=
    =?windows-1251?Q?Sig3QQwyKNNbjoFt1LGAyp9UhmQqaqND7OrW8y1Mi3jNYnfa6Ena0knQ?=
    =?windows-1251?Q?20jw+0AETTjinWoLSKjyG8YY7ZJcRsjcdv6IeBFfK8RI/9YHXtcac0U1?=
    =?windows-1251?Q?YnwVYya6aOdqH4RMKfjhPN72wEfhHwz1OVg/wxNXfuEtVMKbHpJw/9X2?=
    =?windows-1251?Q?ga/cnUeziTwB/1HZv7hlS3/YIJtrI6odgCtAID0ui8Yn+aFM5Z126u+8?=
    =?windows-1251?Q?+VBO3NSqawj/OTGGH/Ai49a9915RynbBLX9H9CEnouDSYTc8qX+zq6LR?=
    =?windows-1251?Q?d/ChN5ofhYHFlSc/RpK3cuaby4H6/5WZQ3M9UOx53NMRURNlU10BqUYv?=
    =?windows-1251?Q?KNTUjhRrc8Cb5rnq0ujrXSOJ4Zf6H71gqEw9nny0oL+sWobvwq0K/9Tm?=
    =?windows-1251?Q?L+b8vtJwe09uEho/jMcBvQECaamM5zDEdBbPjuHH228uqn/3EreZz0Rl?=
    =?windows-1251?Q?Y4CUMv1UtEXg6z5yHFf5Az/S0wYdWJP232WNKzNWsCKqrfYzkGfWi3rj?=
    =?windows-1251?Q?k2NjX518xEWpKGH/mrw0E8Y09WRnaGRGe+8Bn8UcN4M1ieobF/tT/Ny8?=
    =?windows-1251?Q?JOdwAJxr4XX4yECkQ2Ij3P65h0VneBrT5Rai37zxHm34P9CSVDeV9w44?=
    =?windows-1251?Q?Bd1tZ3NN1kXJKldsxt8vSWGjijETJccuQJX4bctNIXQXFrFFQwYfSQcz?=
    =?windows-1251?Q?HiSauGQcn4kMjl+XNqIdfFP0H0hI3hu9smrrb60N7x8kFqcz3ZxuItrG?=
    =?windows-1251?Q?ufM0zPv+rqS++ytRyfTVw0VOZORHx9Bzbrv1X78F0YfcefVhYFknyJeZ?=
    =?windows-1251?Q?/UBNYGsq2MWqFBt2gYhRpqCv+ruKge9Um8dhHYzxwfzdGTvFpzZZpRTi?=
    =?windows-1251?Q?D3RXxpWFK+Lo1RYBCHEjTQyfYmWMU4JKO5xyng+2vuft0AFLIiNm4lcC?=
    =?windows-1251?Q?aqHSumoh2r/YPgcKKmrOt6K65PxF+nqvRiFu2jXV0ZJGnuFe/P8Ja289?=
    =?windows-1251?Q?3EsmJYHGWte0fuG6sxoa10b4PnjSGAU61wZXfarJCZg/sXAf/3ZWPAKH?=
    =?windows-1251?Q?+DMU9q3KRz5Mol7yHFWn+RdTI3kLc7YSH3v6GJHkJiu5Ns3CFmd7FUfe?=
    =?windows-1251?Q?GRaGhwq+ZyZA5tu2RLvickPE2y8DG8/WlJmictv2gFpL397LeexJXc1A?=
    =?windows-1251?Q?ykY4136NUbUBT5wvFKb7J3BoaXPplr/jb0iLnYjiAdQZm7CpeQ+/HoRu?=
    =?windows-1251?Q?WI07XlQ4ap5thIMAqwT1Bq+WLTKxRN02f2xzbWTob9xTqUtIVdxLgcZ5?=
    =?windows-1251?Q?9Sr2UdmTAiTg32vAS4mhpdUi4zvt/OrU+RGkHvmOP8zZ02uB9+DEbQ3h?=
    =?windows-1251?Q?6DQYZwICvda9hJLsPjOa7sVzq7yAOILFDF+jj9yakLFUazeVDAyaG2su?=
    =?windows-1251?Q?S4RrATRA2fghu2LFErg05PTfr+b4Enst93UW9rFqVqY9eosw2uRnPQ1Z?=
    =?windows-1251?Q?ErAIOk+IWN3NIyqUgCh/f1F7CvcR1+G486CF8dC7RFjwA9Ts40iuVzhQ?=
    =?windows-1251?Q?4AlJl8abWEeD0GFvDlmV1AFe14jXKyErXalfmb1I+nSKmkkKNiQSVWM4?=
    =?windows-1251?Q?n8Qv5tljV9h7kFKoY7sI1pLO0USezbqK5WjvoToazh/R3mm9/5EUDbsb?=
    =?windows-1251?Q?SLw=3D?=
    X-ExternalRecipientOutboundConnectors: 7af6c8cb-ea78-42bd-bc80-3345238bb9f4
    X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR15MB1588
    X-MS-Exchange-Transport-CrossTenantHeadersStripped: CO1NAM04FT011.eop-NAM04.prod.protection.outlook.com
    X-MS-Exchange-Transport-CrossTenantHeadersPromoted: CO1NAM04FT011.eop-NAM04.prod.protection.outlook.com
    X-MS-Office365-Filtering-Correlation-Id-Prvs: 85636768-5d98-4b06-b32b-08d8744337e3
    X-Forefront-Antispam-Report-Untrusted: CIP:104.47.56.175;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:NAM11-CO1-obe.outbound.protection.outlook.com;PTR:mail-co1nam11lp2175.outbound.protection.outlook.com;CAT:SPM;SFS:(6666004)(3480700007)(5660300002)(7636003)(31686004)(1096003)(4270600006)(336012)(26005)(558084003)(31696002)(8676002)(86362001)(109986005)(9686003)(956004)(2700400008);DIR:INB;
    X-Microsoft-Antispam-Untrusted: BCL:0;
    X-Microsoft-Antispam-Message-Info-Original: =?windows-1251?Q?ie1H/7TnTTWr+5I5WMo2x1GEw0lkdCRxBFSLn/LWjP8zZ6FmTSyGfSgF?=
    =?windows-1251?Q?po+rNpQa1YD8a1Rm+M1KJwgceBlW2Wm2P+yno30YDmTR+6PfFu4PTiHx?=
    =?windows-1251?Q?tYKfxHJ7OioRMmmJdBtau+LFJtPvhDdVmBWn/tfqCykDWVUK/Y9L7NbB?=
    =?windows-1251?Q?yuMZNZ27wOLhBjm7ZNy2XVu8h7k2jiyoFJMtavqUeiLqktw6LdxcCgQL?=
    =?windows-1251?Q?A98PEJpgW4bY5XcSHPudeB9ciTc0vPPq81OpJlm6eUgWZAG9QWvpdRoz?=
    =?windows-1251?Q?TJw8okS6aWcrLw9GryMPy9LlfqKUOTNqifaOIhYotbcf+oQouj11WkP/?=
    =?windows-1251?Q?34+a3BOeMubZ07Za2r/Ll9HUrIa+nxPSDHZ1xXERNND2RI7W/XOu6AiC?=
    =?windows-1251?Q?ncYrSpI+KEa5w08d3lxGWL8kKeJnhNxIcIU9LAoYS31BrFNMEhiQesae?=
    =?windows-1251?Q?URTvvtI9rpykcSMYW9WRHui5kdu1M7UaFwOEwbMkfSsSJnzfACgnczMN?=
    =?windows-1251?Q?t6+qRI1YsjTw3meYDclu6ZKzfxC48BYdG/Lg+NqcnVv63ebI/XLH9jan?=
    =?windows-1251?Q?4Ks1joVqlhRKAYBO89WnNqO7wPP/VcD4NxI/UAIZvA2abIYJt/41muIl?=
    =?windows-1251?Q?bW+ugp8LkjOdrfit0w3xVYd+/B5nupfXUNCUBd8AVlZpgqYUMuf6RaYG?=
    =?windows-1251?Q?ydZIP80UJh6llCCBsUJRaAbbH3GoKOHVwSrSKjm52uLCZERsPy2O7pin?=
    =?windows-1251?Q?OLxf4WWsvKni8wB99zSWvBMPu21vBi7e/Jf733gwAPczQ/Ylb0dGgse7?=
    =?windows-1251?Q?w7WO3aPzlffA9mfURJIu8XFF7OWqB7S09Dnem8/u1i/SIvYb3X9WwY8J?=
    =?windows-1251?Q?Ijx0jOyrEzhVsObEzmaDEF/T7AXLKpe8Nxr64xWxTm0JrWX8GRGF/HYJ?=
    =?windows-1251?Q?S7fYSkw25sRBVNDjuR3N8UdoRqTghvZgIkvUHdSNu62S55LasI5AmGh7?=
    =?windows-1251?Q?+UwgL6DpXnrycrB/RFHv+X+JYGbeC/NzNCNhX9WMkpBfJKZ8amDdluGj?=
    =?windows-1251?Q?BrAThNy66l7UW+X/GFqr8SSaPKpBoHdNRqlW4gNqXAtuzncPAvR1KP7u?=
    =?windows-1251?Q?bb60ZLl0DCd4O8rBAazb91bBN4logjsFkE6+sHsX3K2XlXrflskGmrB9?=
    =?windows-1251?Q?5OiduolV9MA9EUckyl9Qxg01+pI023GXtz1DEEiAIpvx9mx6jiDL699Y?=
    =?windows-1251?Q?hI33Dfy38ZqY/8yHtSVtjtZTtf08dfidW4753TF9xpPNkMDhn0qEuSxO?=
    =?windows-1251?Q?vPuthXYfqDt3/jwEibMbopyVruW6ix1mvazHdB6keLiSOIxgLdN9Laed?=
    =?windows-1251?Q?3kN5FPBs2XAtVdPo8O+wHoxXh6kIHwaYRQ6sepoKLg6eUMUBovOueHH5?=
    =?windows-1251?Q?q83aOkMzb5whO0htXiGyb9R5ZTR5DyoDw+sSdKegtBKKW5JAjH7fi7fk?=
    =?windows-1251?Q?ez8eX1RtbzKqUz/YSHod7NoUhiphdKrkyqGB48b232FfKCNoM+eo49a6?=
    =?windows-1251?Q?khFzxBMtdOvp6TtDFAMP48VA2rdNIMN67FaenHS9+/OcBycH8OB3rdeG?=
    =?windows-1251?Q?ibgVEru3owUEtWYTfk1HKj1SjVXgNqFP5BhXXgxg/pn2KZ1Vv9XHhz5b?=
    =?windows-1251?Q?djCn9TGsVRM+NFm1gx8G1rKPPg8Tq1ER?=
    X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR15MB3771
    X-MS-Exchange-Transport-CrossTenantHeadersStripped: BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
    X-MS-Exchange-Transport-CrossTenantHeadersPromoted: BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
    X-MS-Office365-Filtering-Correlation-Id-Prvs:
    9988837f-29b3-4224-8bce-08d87443390c
    X-Forefront-Antispam-Report:
    CIP:104.47.58.168;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:NAM11-BN8-obe.outbound.protection.outlook.com;PTR:mail-bn8nam11lp2168.outbound.protection.outlook.com;CAT:SPM;SFS:(6666004)(956004)(336012)(1096003)(5660300002)(9686003)(31696002)(558084003)(31686004)(3480700007)(26005)(109986005)(4270600006)(86362001)(7636003)(8676002)(2700400008);DIR:INB;
    X-Microsoft-Antispam: BCL:0;
    X-Microsoft-Antispam-Message-Info:
    =?us-ascii?Q?IfQUTj+ZD/RbtB5PUQVycvdFv8qKG+j5qnagWbFD9Cuc9INBF9thAvmSPJjq?=
    =?us-ascii?Q?m2sZBoSWDX1LcmRL1cddd/uHObNTNBgf9ITDZaKb3edCtz1w2ajejKG4j1Cc?=
    =?us-ascii?Q?j7SVMqdPe3qzsbdD7JRAuDPwHGBS5JxGGHv3QQJ2+QZoNHTs49B+DIvlwt+v?=
    =?us-ascii?Q?oUrWf3hAjj4pP2X0tDbeZ9RGLXDPnqJP/Ww8zZkhgO6kwP+lX/Yi4SM2nKfE?=
    =?us-ascii?Q?+IEdnWVvzzIWBoJy9/WKefkuE9l0nw7Pu99+dXgnCh+uK9lcJ6PqGZ7v7NXb?=
    =?us-ascii?Q?q88FxwAdRKP7rQdYO9Lh+uFPtnAp+nfxW5SyzvnGhIjT+N7y9yard+xxiVXT?=
    =?us-ascii?Q?L6texscQqsCXj0Afj/oQzZ3Inr1ZY/XRBtNEC8bCiDiwZpd2gITCXwQ8ThyQ?=
    =?us-ascii?Q?nqUxxfCAL/oVhpoJo2ZGoMeVMWtVCJ4KOVsMsuZNggiuRdMyBFwkmom9KlEN?=
    =?us-ascii?Q?J7XKjdrzny+GTuqNuOKIf59gpHm9nutsef+FYAV2puKz6TwBJ+xbtCfFBB4C?=
    =?us-ascii?Q?Drx2KS80gsYrVfhb73jGS1R3Xd0oT4rOlDcYennRSWASfW1NS/0scdG/BJtA?=
    =?us-ascii?Q?xEsBnvshVTLTbhgMYwpOr6+GzP3G4Dr4MGqATy5s52ta/C5PKEf4oleF4QrB?=
    =?us-ascii?Q?cavZ6MNS/1aAPjc3ZIwwEhS3CU7ttFRQm5C/7b0Sts4m+5fPnqH4sZRSx5St?=
    =?us-ascii?Q?gPmzjuz0jgXd9kOCKKPANHlg2GH95F6tjaL6J22sc1jzX0HASQ36pqOTM8xz?=
    =?us-ascii?Q?9Oqd+OWCcPynO8V8gdfyzTdv0eGL0pJjAyf8QqPxf3LTDImQxIvUaMPPgcnw?=
    =?us-ascii?Q?+9xat6Vva/r5rkJT8wDuImw5dlmFwpvwHh5U8Zed8AN9oiisG7Z8I/1gT7Na?=
    =?us-ascii?Q?AvrYS2GBUofshxsuhtauB7qHpaQ1AEYKxKkDMkTsp2NhLpfvShj8s1UOPzhr?=
    =?us-ascii?Q?4fPO3z/g82066g92CHiUyoDzWjsdo4PwTqlUqN188UdaMgbejePnB0A8vc2s?=
    =?us-ascii?Q?z6JIJPDq0mi4tmDANwUR4k5H20EejKUq1t5ff0Jgs2OGcsa80Vp+MGyYDn5G?=
    =?us-ascii?Q?KpYCaYaWEdjwv5W0W+EgQHhAuys//nXNh5YPmPwh+ikTdXjcIzi/JxCkF7di?=
    =?us-ascii?Q?9fOctCSa3pbY/Ko17whKa7JixTcmcMOnpym78WCHlfH9pa95XO6xR0dLyjSu?=
    =?us-ascii?Q?GR7Lrpi7OCa+LXp1g4GtFR4epOgn2u0NY0sx1VP/+s5ap33HjOhV1kg4waSc?=
    =?us-ascii?Q?kdd0cgwbomzsuBQrwXDIa7hrhRJQIesD2/1yuD8/t/um9q0H7lhdi5rDLjA2?=
    =?us-ascii?Q?cnOebzvHZ5AsKIlr9txAuRSJbYP5cbeRos2DmSs72Lq/wBSLATIUAK3whMBD?=
    =?us-ascii?Q?ZiV7SAmVmdGB9OoUguykH86iWiq4hH32ZjzDf5PGR5FBgoMxTuHN7Qeffai/?=
    =?us-ascii?Q?j8+X+zsSGZrC6hRUJi+qnqCj5de2pcZib1FSkaiNZXIm820l2I6i7iS2eWJJ?=
    =?us-ascii?Q?XF+M1HBDd5oB67QbaBeShAtD63GjjPUeIObot2Iif4KjOAHBIYDdcku7Eype?=
    =?us-ascii?Q?nYjXr25IUl/+ME/Phkk3xpcyu+ul3P8NSzYpD6jZ?=
    X-OriginatorOrg: houghton.edu
    X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Oct 2020 15:25:36.8451
    (UTC)
    X-MS-Exchange-CrossTenant-Network-Message-Id: a44430fa-51c1-40f8-3818-08d874433b2f
    X-MS-Exchange-CrossTenant-Id: 7af6c8cb-ea78-42bd-bc80-3345238bb9f4
    X-MS-Exchange-CrossTenant-AuthSource:
    BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
    X-MS-Exchange-CrossTenant-AuthAs: Anonymous
    X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
    X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR15MB1573
    MIME-Version: 1.0



    Example 2:

    Received: from BN8PR16CA0009.namprd16.prod.outlook.com (2603:10b6:408:4c::22)
    by CY4PR15MB1573.namprd15.prod.outlook.com (2603:10b6:903:fc::10) with
    Microsoft SMTP Server (version=TLS1_2,
    cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.27; Mon, 19 Oct
    2020 15:25:38 +0000
    Received: from BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
    (2603:10b6:408:4c:cafe::ce) by BN8PR16CA0009.outlook.office365.com
    (2603:10b6:408:4c::22) with Microsoft SMTP Server (version=TLS1_2,
    cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.20 via Frontend
    Transport; Mon, 19 Oct 2020 15:25:38 +0000
    Authentication-Results: spf=pass (sender IP is 104.47.58.168)
    smtp.mailfrom=arcticbearinc.com; houghton.edu; dkim=none (message not signed)
    header.d=none;houghton.edu; dmarc=pass action=none
    header.from=arcticbearinc.com;compauth=pass reason=100
    Received-SPF: Pass (protection.outlook.com: domain of arcticbearinc.com
    designates 104.47.58.168 as permitted sender)
    receiver=protection.outlook.com; client-ip=104.47.58.168;
    helo=NAM11-BN8-obe.outbound.protection.outlook.com;
    Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.168)
    by BN8NAM04FT059.mail.protection.outlook.com (10.13.160.182) with Microsoft
    SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
    15.20.3455.27 via Frontend Transport; Mon, 19 Oct 2020 15:25:36 +0000
    Received: from CO2PR04CA0064.namprd04.prod.outlook.com (2603:10b6:102:1::32)
    by MW3PR15MB3771.namprd15.prod.outlook.com (2603:10b6:303:4f::9) with
    Microsoft SMTP Server (version=TLS1_2,
    cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21; Mon, 19 Oct
    2020 15:25:35 +0000
    Received: from CO1NAM04FT011.eop-NAM04.prod.protection.outlook.com
    (2603:10b6:102:1:cafe::35) by CO2PR04CA0064.outlook.office365.com
    (2603:10b6:102:1::32) with Microsoft SMTP Server (version=TLS1_2,
    cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21 via Frontend
    Transport; Mon, 19 Oct 2020 15:25:35 +0000
    Authentication-Results-Original: spf=pass (sender IP is 104.47.56.175)
    smtp.mailfrom=arcticbearinc.com; houghton.edu; dkim=none (message not signed)
    header.d=none;houghton.edu; dmarc=pass action=none
    header.from=arcticbearinc.com;compauth=pass reason=100
    Received-SPF: Pass (protection.outlook.com: domain of arcticbearinc.com
    designates 104.47.56.175 as permitted sender)
    receiver=protection.outlook.com; client-ip=104.47.56.175;
    helo=NAM11-CO1-obe.outbound.protection.outlook.com;
    Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.175)
    by CO1NAM04FT011.mail.protection.outlook.com (10.152.90.158) with Microsoft
    SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
    15.20.3455.27 via Frontend Transport; Mon, 19 Oct 2020 15:25:34 +0000
    Received: from BN8PR15CA0032.namprd15.prod.outlook.com (2603:10b6:408:c0::45)
    by BN6PR15MB1588.namprd15.prod.outlook.com (2603:10b6:404:c7::16) with
    Microsoft SMTP Server (version=TLS1_2,
    cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.27; Mon, 19 Oct
    2020 15:25:32 +0000
    Received: from BN8NAM04FT049.eop-NAM04.prod.protection.outlook.com
    (2603:10b6:408:c0:cafe::2) by BN8PR15CA0032.outlook.office365.com
    (2603:10b6:408:c0::45) with Microsoft SMTP Server (version=TLS1_2,
    cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.22 via Frontend
    Transport; Mon, 19 Oct 2020 15:25:32 +0000
    Authentication-Results-Original: spf=fail (sender IP is 67.219.250.115)
    smtp.mailfrom=arcticbearinc.com; houghton.edu; dkim=none (message not signed)
    header.d=none;houghton.edu; dmarc=fail action=oreject
    header.from=arcticbearinc.com;compauth=fail reason=000
    Received-SPF: Fail (protection.outlook.com: domain of arcticbearinc.com does
    not designate 67.219.250.115 as permitted sender)
    receiver=protection.outlook.com; client-ip=67.219.250.115;
    helo=mail1.bemta24.messagelabs.com;
    Received: from mail1.bemta24.messagelabs.com (67.219.250.115) by
    BN8NAM04FT049.mail.protection.outlook.com (10.13.161.125) with Microsoft SMTP
    Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
    15.20.3455.27 via Frontend Transport; Mon, 19 Oct 2020 15:25:31 +0000
    Return-Path: info@arcticbearinc.com
    Received: from [100.112.132.75] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits))
    by server-4.bemta.az-b.us-west-2.aws.symcld.net id FF/C1-56365-5EFAD8F5; Mon, 19 Oct 2020 15:25:25 +0000
    X-Brightmail-Tracker: H4sIAAAAAAAAA1WTa0ybZRTHed6+7Vsn1bbM8NJlcenmlbRAdXr
    2YQZNFl/JMiCakOEUy+igSltsi4AYKchEEEa3Ebd2XVZuA7mMcpmUOxTGuDNMsyEOCGXAABlg
    xnU4fVtkzi+//J9zTs7//+E8bAY/hxCwZfFamVopjRayduEt95ceiqYqssJ8R354FtJ62jHQT
    bSzIKWgnoBBuw6HtOxfmNDyexEGtqo6DB6cseCgb73LhLpsKw6OjgR4dC2HgNUiMwPKBlJwMF
    VbMHhsHcfA0b7IhJqrPxGQ3l2Pw9DmFQJWDH0EdKbvgbG/5TBlyWFAia4Lh+JcB23avMKAuVs
    WAu63lhKwlGVhQdOwBcFg+iyC3I5iHPonaxE0jDJgJL+fCSvTWjAsP8IgeauRAEPLBhOKbPSO
    ydUxAu6er8Igr0ePgf7yBoLC0VwcKgYaERhtqxgY5ypxyCi3E/4S6i/dDYwab/iZoAastSyqf
    HmWoLru8CjzxiEq3exBLdZssaiG5gGCmh96njo/aULU6oiOSbXp2xCVvLDGoEoe6hmU/lIhEb
    QvlClXhqviP2NG5U59EXMBi+/NLSB0aBNloGfYfO5LpL3tCsOpWVwRaey97qp7cPeRoxdrcKf
    G6Znbi+uEU3O4PLLbcM9VZ3B9yaH2Jta2fpGsXTC59pBcDnkxbQrf1l7kd6WOf7WEPPP9DLGt
    gbzVO4R2ZtqKh3E9cjc+ZWF8ysL4lIUZMUoQhKvlkVFahVQeLfLz9RX5+UlEfm9IRJI3JWLp1
    6JwcaxGFCfTaEX0M04j1iQoTkZHiJUybRWijywiJvVPK9L9sSS2IS82JnyB87EpK4z/XLgqIi
    FKqokKU8dGyzQ29CqbzU1ezLuDBLhSpZQJSY7hGj3HU8siZfGn5NH02e6Mkmx34W4Ojz5cPkc
    TI1Vo5JHbrR70Cbv9dn4eg+0oKaC57OKai+suFlx3srXNyRlTIc26yzT5Lk+BJ+e405PrXBoV
    q3xiufNZfkV7BR4c5ObmxnePkakVcu3/+3PIk42EHhxvZzR3uVL7JNkcHRqjQx/OznSG1kr/a
    wl02OfKkGjRkfZmZujhE9gxR8Dpx0qmnV3ev99a4n22JQhbTRVe6u6bsHwTXBn36ezbgz4KAz
    he+Q2v8fAOqeioTzkxYz8SeGA6v3nQHhSe+FpmX8CDJJ8ew+a80jSjMu/Of+/Lg43ndqXe7HN
    H1DtfJdXvSdyyzWfmZH/0Ps57S9CmCvSy8m5WQnCpLSPgA37zwgGLytpp/vFoUmFelpA5Hpp/
    cGiYJ/bkb8zb3n25OrS7s0D2LVEWeK8nnhUwVhZ8NOtD7vSKyuJ+SFDZL8vxVPjfOHUhNSRR0
    iTFM04KbZLJtXW5cXxoq7qy6/Ti6Cjzqr8PO0CyHnl8/95jZydCqoS4Jkrq9zpDrZH+A+HOtF
    OnBAAA
    X-Env-Sender: info@arcticbearinc.com
    X-Msg-Ref: server-7.tower-340.messagelabs.com!1603121079!244!1
    X-Originating-IP: [191.232.240.244]
    X-SYMC-ESS-Client-Auth: outbound-route-from=fail
    X-StarScan-Received:
    X-StarScan-Version: 9.60.3; banners=-,-,-
    X-VirusChecked: Checked
    Received: (qmail 26965 invoked from network); 19 Oct 2020 15:25:24 -0000
    Received: from unknown (HELO User) (191.232.240.244)
    by server-7.tower-340.messagelabs.com with SMTP; 19 Oct 2020 15:25:24 -0000
    Reply-To: <majidaluttaim@vivaldi.net>
    From: "MAJID FUTTAIM"<info@arcticbearinc.com>
    Subject: CAN WE PARTNER TOGETHER
    Date: Mon, 19 Oct 2020 23:25:21 +0800
    Content-Type: text/html;
    charset="Windows-1251"
    Content-Transfer-Encoding: 7bit
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
    X-CFilter-Loop: Reflected
    Message-ID: <9780a150-8957-4fcc-9116-2291e4430560@BN8NAM04FT049.eop-NAM04.prod.protection.outlook.com>
    To: Undisclosed recipients:;
    X-EOPAttributedMessage: 2
    X-EOPTenantAttributedMessage: 7af6c8cb-ea78-42bd-bc80-3345238bb9f4:2
    X-MS-PublicTrafficType: Email
    X-MS-Office365-Filtering-Correlation-Id: a44430fa-51c1-40f8-3818-08d874433b2f
    X-MS-TrafficTypeDiagnostic: BN6PR15MB1588:|MW3PR15MB3771:|CY4PR15MB1573:
    X-MS-Oob-TLC-OOBClassifiers: OLM:4941;OLM:4941;OLM:4941;
    X-Forefront-Antispam-Report-Untrusted: CIP:67.219.250.115;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail1.bemta24.messagelabs.com;PTR:mail1.bemta24.messagelabs.com;CAT:SPOOF;SFS:(9686003)(31686004)(109986005)(3480700007)(5660300002)(4186021)(4270600006)(558084003)(8676002)(956004)(336012)(31696002)(86362001)(7636003)(6666004)(1096003)(26005)(356005)(7596003)(2700400008);DIR:INB;
    X-Microsoft-Antispam-Untrusted: BCL:0;
    X-Microsoft-Antispam-Message-Info-Original: =?windows-1251?Q?FMYsVfRs+dYTju6lKw8jr/YCfKWkPPo76zHCuC285OPpMRVxeUp0lJ97?=
    =?windows-1251?Q?op87dLO8mJp+936oYsOWc7k1WGK/BwbWKaom1yDgARdKtPm50eAspox0?=
    =?windows-1251?Q?67mI1TV+4dkWVAvdf5UomOg2GzCj4EwBLdqlkll6pnk662FF1FEpeGlW?=
    =?windows-1251?Q?y7H3u8PZonlnHWNrz3RwKopoT0NiAvVjPJxO/FRYbi34pyy2JEw5g9XB?=
    =?windows-1251?Q?ZQehgjc6HwT6CUNIXqrm10lk9+WSSXwUrg/8XkRg7OrSBt/hn/KC96j1?=
    =?windows-1251?Q?EI6Q5HTQofudqNcLhklW0yUjotS6pJ3t0LylvHeIqT4t5CQljQGdUDIF?=
    =?windows-1251?Q?ZD44Jh0TReBY097E5ePt6U+E5+/d5TY+YzjkQPpdd9NQq90lzwoXlPpm?=
    =?windows-1251?Q?Sig3QQwyKNNbjoFt1LGAyp9UhmQqaqND7OrW8y1Mi3jNYnfa6Ena0knQ?=
    =?windows-1251?Q?20jw+0AETTjinWoLSKjyG8YY7ZJcRsjcdv6IeBFfK8RI/9YHXtcac0U1?=
    =?windows-1251?Q?YnwVYya6aOdqH4RMKfjhPN72wEfhHwz1OVg/wxNXfuEtVMKbHpJw/9X2?=
    =?windows-1251?Q?ga/cnUeziTwB/1HZv7hlS3/YIJtrI6odgCtAID0ui8Yn+aFM5Z126u+8?=
    =?windows-1251?Q?+VBO3NSqawj/OTGGH/Ai49a9915RynbBLX9H9CEnouDSYTc8qX+zq6LR?=
    =?windows-1251?Q?d/ChN5ofhYHFlSc/RpK3cuaby4H6/5WZQ3M9UOx53NMRURNlU10BqUYv?=
    =?windows-1251?Q?KNTUjhRrc8Cb5rnq0ujrXSOJ4Zf6H71gqEw9nny0oL+sWobvwq0K/9Tm?=
    =?windows-1251?Q?L+b8vtJwe09uEho/jMcBvQECaamM5zDEdBbPjuHH228uqn/3EreZz0Rl?=
    =?windows-1251?Q?Y4CUMv1UtEXg6z5yHFf5Az/S0wYdWJP232WNKzNWsCKqrfYzkGfWi3rj?=
    =?windows-1251?Q?k2NjX518xEWpKGH/mrw0E8Y09WRnaGRGe+8Bn8UcN4M1ieobF/tT/Ny8?=
    =?windows-1251?Q?JOdwAJxr4XX4yECkQ2Ij3P65h0VneBrT5Rai37zxHm34P9CSVDeV9w44?=
    =?windows-1251?Q?Bd1tZ3NN1kXJKldsxt8vSWGjijETJccuQJX4bctNIXQXFrFFQwYfSQcz?=
    =?windows-1251?Q?HiSauGQcn4kMjl+XNqIdfFP0H0hI3hu9smrrb60N7x8kFqcz3ZxuItrG?=
    =?windows-1251?Q?ufM0zPv+rqS++ytRyfTVw0VOZORHx9Bzbrv1X78F0YfcefVhYFknyJeZ?=
    =?windows-1251?Q?/UBNYGsq2MWqFBt2gYhRpqCv+ruKge9Um8dhHYzxwfzdGTvFpzZZpRTi?=
    =?windows-1251?Q?D3RXxpWFK+Lo1RYBCHEjTQyfYmWMU4JKO5xyng+2vuft0AFLIiNm4lcC?=
    =?windows-1251?Q?aqHSumoh2r/YPgcKKmrOt6K65PxF+nqvRiFu2jXV0ZJGnuFe/P8Ja289?=
    =?windows-1251?Q?3EsmJYHGWte0fuG6sxoa10b4PnjSGAU61wZXfarJCZg/sXAf/3ZWPAKH?=
    =?windows-1251?Q?+DMU9q3KRz5Mol7yHFWn+RdTI3kLc7YSH3v6GJHkJiu5Ns3CFmd7FUfe?=
    =?windows-1251?Q?GRaGhwq+ZyZA5tu2RLvickPE2y8DG8/WlJmictv2gFpL397LeexJXc1A?=
    =?windows-1251?Q?ykY4136NUbUBT5wvFKb7J3BoaXPplr/jb0iLnYjiAdQZm7CpeQ+/HoRu?=
    =?windows-1251?Q?WI07XlQ4ap5thIMAqwT1Bq+WLTKxRN02f2xzbWTob9xTqUtIVdxLgcZ5?=
    =?windows-1251?Q?9Sr2UdmTAiTg32vAS4mhpdUi4zvt/OrU+RGkHvmOP8zZ02uB9+DEbQ3h?=
    =?windows-1251?Q?6DQYZwICvda9hJLsPjOa7sVzq7yAOILFDF+jj9yakLFUazeVDAyaG2su?=
    =?windows-1251?Q?S4RrATRA2fghu2LFErg05PTfr+b4Enst93UW9rFqVqY9eosw2uRnPQ1Z?=
    =?windows-1251?Q?ErAIOk+IWN3NIyqUgCh/f1F7CvcR1+G486CF8dC7RFjwA9Ts40iuVzhQ?=
    =?windows-1251?Q?4AlJl8abWEeD0GFvDlmV1AFe14jXKyErXalfmb1I+nSKmkkKNiQSVWM4?=
    =?windows-1251?Q?n8Qv5tljV9h7kFKoY7sI1pLO0USezbqK5WjvoToazh/R3mm9/5EUDbsb?=
    =?windows-1251?Q?SLw=3D?=
    X-ExternalRecipientOutboundConnectors: 7af6c8cb-ea78-42bd-bc80-3345238bb9f4
    X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR15MB1588
    X-MS-Exchange-Transport-CrossTenantHeadersStripped: CO1NAM04FT011.eop-NAM04.prod.protection.outlook.com
    X-MS-Exchange-Transport-CrossTenantHeadersPromoted: CO1NAM04FT011.eop-NAM04.prod.protection.outlook.com
    X-MS-Office365-Filtering-Correlation-Id-Prvs: 85636768-5d98-4b06-b32b-08d8744337e3
    X-Forefront-Antispam-Report-Untrusted: CIP:104.47.56.175;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:NAM11-CO1-obe.outbound.protection.outlook.com;PTR:mail-co1nam11lp2175.outbound.protection.outlook.com;CAT:SPM;SFS:(6666004)(3480700007)(5660300002)(7636003)(31686004)(1096003)(4270600006)(336012)(26005)(558084003)(31696002)(8676002)(86362001)(109986005)(9686003)(956004)(2700400008);DIR:INB;
    X-Microsoft-Antispam-Untrusted: BCL:0;
    X-Microsoft-Antispam-Message-Info-Original: =?windows-1251?Q?ie1H/7TnTTWr+5I5WMo2x1GEw0lkdCRxBFSLn/LWjP8zZ6FmTSyGfSgF?=
    =?windows-1251?Q?po+rNpQa1YD8a1Rm+M1KJwgceBlW2Wm2P+yno30YDmTR+6PfFu4PTiHx?=
    =?windows-1251?Q?tYKfxHJ7OioRMmmJdBtau+LFJtPvhDdVmBWn/tfqCykDWVUK/Y9L7NbB?=
    =?windows-1251?Q?yuMZNZ27wOLhBjm7ZNy2XVu8h7k2jiyoFJMtavqUeiLqktw6LdxcCgQL?=
    =?windows-1251?Q?A98PEJpgW4bY5XcSHPudeB9ciTc0vPPq81OpJlm6eUgWZAG9QWvpdRoz?=
    =?windows-1251?Q?TJw8okS6aWcrLw9GryMPy9LlfqKUOTNqifaOIhYotbcf+oQouj11WkP/?=
    =?windows-1251?Q?34+a3BOeMubZ07Za2r/Ll9HUrIa+nxPSDHZ1xXERNND2RI7W/XOu6AiC?=
    =?windows-1251?Q?ncYrSpI+KEa5w08d3lxGWL8kKeJnhNxIcIU9LAoYS31BrFNMEhiQesae?=
    =?windows-1251?Q?URTvvtI9rpykcSMYW9WRHui5kdu1M7UaFwOEwbMkfSsSJnzfACgnczMN?=
    =?windows-1251?Q?t6+qRI1YsjTw3meYDclu6ZKzfxC48BYdG/Lg+NqcnVv63ebI/XLH9jan?=
    =?windows-1251?Q?4Ks1joVqlhRKAYBO89WnNqO7wPP/VcD4NxI/UAIZvA2abIYJt/41muIl?=
    =?windows-1251?Q?bW+ugp8LkjOdrfit0w3xVYd+/B5nupfXUNCUBd8AVlZpgqYUMuf6RaYG?=
    =?windows-1251?Q?ydZIP80UJh6llCCBsUJRaAbbH3GoKOHVwSrSKjm52uLCZERsPy2O7pin?=
    =?windows-1251?Q?OLxf4WWsvKni8wB99zSWvBMPu21vBi7e/Jf733gwAPczQ/Ylb0dGgse7?=
    =?windows-1251?Q?w7WO3aPzlffA9mfURJIu8XFF7OWqB7S09Dnem8/u1i/SIvYb3X9WwY8J?=
    =?windows-1251?Q?Ijx0jOyrEzhVsObEzmaDEF/T7AXLKpe8Nxr64xWxTm0JrWX8GRGF/HYJ?=
    =?windows-1251?Q?S7fYSkw25sRBVNDjuR3N8UdoRqTghvZgIkvUHdSNu62S55LasI5AmGh7?=
    =?windows-1251?Q?+UwgL6DpXnrycrB/RFHv+X+JYGbeC/NzNCNhX9WMkpBfJKZ8amDdluGj?=
    =?windows-1251?Q?BrAThNy66l7UW+X/GFqr8SSaPKpBoHdNRqlW4gNqXAtuzncPAvR1KP7u?=
    =?windows-1251?Q?bb60ZLl0DCd4O8rBAazb91bBN4logjsFkE6+sHsX3K2XlXrflskGmrB9?=
    =?windows-1251?Q?5OiduolV9MA9EUckyl9Qxg01+pI023GXtz1DEEiAIpvx9mx6jiDL699Y?=
    =?windows-1251?Q?hI33Dfy38ZqY/8yHtSVtjtZTtf08dfidW4753TF9xpPNkMDhn0qEuSxO?=
    =?windows-1251?Q?vPuthXYfqDt3/jwEibMbopyVruW6ix1mvazHdB6keLiSOIxgLdN9Laed?=
    =?windows-1251?Q?3kN5FPBs2XAtVdPo8O+wHoxXh6kIHwaYRQ6sepoKLg6eUMUBovOueHH5?=
    =?windows-1251?Q?q83aOkMzb5whO0htXiGyb9R5ZTR5DyoDw+sSdKegtBKKW5JAjH7fi7fk?=
    =?windows-1251?Q?ez8eX1RtbzKqUz/YSHod7NoUhiphdKrkyqGB48b232FfKCNoM+eo49a6?=
    =?windows-1251?Q?khFzxBMtdOvp6TtDFAMP48VA2rdNIMN67FaenHS9+/OcBycH8OB3rdeG?=
    =?windows-1251?Q?ibgVEru3owUEtWYTfk1HKj1SjVXgNqFP5BhXXgxg/pn2KZ1Vv9XHhz5b?=
    =?windows-1251?Q?djCn9TGsVRM+NFm1gx8G1rKPPg8Tq1ER?=
    X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR15MB3771
    X-MS-Exchange-Transport-CrossTenantHeadersStripped: BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
    X-MS-Exchange-Transport-CrossTenantHeadersPromoted: BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
    X-MS-Office365-Filtering-Correlation-Id-Prvs:
    9988837f-29b3-4224-8bce-08d87443390c
    X-Forefront-Antispam-Report:
    CIP:104.47.58.168;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:NAM11-BN8-obe.outbound.protection.outlook.com;PTR:mail-bn8nam11lp2168.outbound.protection.outlook.com;CAT:SPM;SFS:(6666004)(956004)(336012)(1096003)(5660300002)(9686003)(31696002)(558084003)(31686004)(3480700007)(26005)(109986005)(4270600006)(86362001)(7636003)(8676002)(2700400008);DIR:INB;
    X-Microsoft-Antispam: BCL:0;
    X-Microsoft-Antispam-Message-Info:
    =?us-ascii?Q?IfQUTj+ZD/RbtB5PUQVycvdFv8qKG+j5qnagWbFD9Cuc9INBF9thAvmSPJjq?=
    =?us-ascii?Q?m2sZBoSWDX1LcmRL1cddd/uHObNTNBgf9ITDZaKb3edCtz1w2ajejKG4j1Cc?=
    =?us-ascii?Q?j7SVMqdPe3qzsbdD7JRAuDPwHGBS5JxGGHv3QQJ2+QZoNHTs49B+DIvlwt+v?=
    =?us-ascii?Q?oUrWf3hAjj4pP2X0tDbeZ9RGLXDPnqJP/Ww8zZkhgO6kwP+lX/Yi4SM2nKfE?=
    =?us-ascii?Q?+IEdnWVvzzIWBoJy9/WKefkuE9l0nw7Pu99+dXgnCh+uK9lcJ6PqGZ7v7NXb?=
    =?us-ascii?Q?q88FxwAdRKP7rQdYO9Lh+uFPtnAp+nfxW5SyzvnGhIjT+N7y9yard+xxiVXT?=
    =?us-ascii?Q?L6texscQqsCXj0Afj/oQzZ3Inr1ZY/XRBtNEC8bCiDiwZpd2gITCXwQ8ThyQ?=
    =?us-ascii?Q?nqUxxfCAL/oVhpoJo2ZGoMeVMWtVCJ4KOVsMsuZNggiuRdMyBFwkmom9KlEN?=
    =?us-ascii?Q?J7XKjdrzny+GTuqNuOKIf59gpHm9nutsef+FYAV2puKz6TwBJ+xbtCfFBB4C?=
    =?us-ascii?Q?Drx2KS80gsYrVfhb73jGS1R3Xd0oT4rOlDcYennRSWASfW1NS/0scdG/BJtA?=
    =?us-ascii?Q?xEsBnvshVTLTbhgMYwpOr6+GzP3G4Dr4MGqATy5s52ta/C5PKEf4oleF4QrB?=
    =?us-ascii?Q?cavZ6MNS/1aAPjc3ZIwwEhS3CU7ttFRQm5C/7b0Sts4m+5fPnqH4sZRSx5St?=
    =?us-ascii?Q?gPmzjuz0jgXd9kOCKKPANHlg2GH95F6tjaL6J22sc1jzX0HASQ36pqOTM8xz?=
    =?us-ascii?Q?9Oqd+OWCcPynO8V8gdfyzTdv0eGL0pJjAyf8QqPxf3LTDImQxIvUaMPPgcnw?=
    =?us-ascii?Q?+9xat6Vva/r5rkJT8wDuImw5dlmFwpvwHh5U8Zed8AN9oiisG7Z8I/1gT7Na?=
    =?us-ascii?Q?AvrYS2GBUofshxsuhtauB7qHpaQ1AEYKxKkDMkTsp2NhLpfvShj8s1UOPzhr?=
    =?us-ascii?Q?4fPO3z/g82066g92CHiUyoDzWjsdo4PwTqlUqN188UdaMgbejePnB0A8vc2s?=
    =?us-ascii?Q?z6JIJPDq0mi4tmDANwUR4k5H20EejKUq1t5ff0Jgs2OGcsa80Vp+MGyYDn5G?=
    =?us-ascii?Q?KpYCaYaWEdjwv5W0W+EgQHhAuys//nXNh5YPmPwh+ikTdXjcIzi/JxCkF7di?=
    =?us-ascii?Q?9fOctCSa3pbY/Ko17whKa7JixTcmcMOnpym78WCHlfH9pa95XO6xR0dLyjSu?=
    =?us-ascii?Q?GR7Lrpi7OCa+LXp1g4GtFR4epOgn2u0NY0sx1VP/+s5ap33HjOhV1kg4waSc?=
    =?us-ascii?Q?kdd0cgwbomzsuBQrwXDIa7hrhRJQIesD2/1yuD8/t/um9q0H7lhdi5rDLjA2?=
    =?us-ascii?Q?cnOebzvHZ5AsKIlr9txAuRSJbYP5cbeRos2DmSs72Lq/wBSLATIUAK3whMBD?=
    =?us-ascii?Q?ZiV7SAmVmdGB9OoUguykH86iWiq4hH32ZjzDf5PGR5FBgoMxTuHN7Qeffai/?=
    =?us-ascii?Q?j8+X+zsSGZrC6hRUJi+qnqCj5de2pcZib1FSkaiNZXIm820l2I6i7iS2eWJJ?=
    =?us-ascii?Q?XF+M1HBDd5oB67QbaBeShAtD63GjjPUeIObot2Iif4KjOAHBIYDdcku7Eype?=
    =?us-ascii?Q?nYjXr25IUl/+ME/Phkk3xpcyu+ul3P8NSzYpD6jZ?=
    X-OriginatorOrg: houghton.edu
    X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Oct 2020 15:25:36.8451
    (UTC)
    X-MS-Exchange-CrossTenant-Network-Message-Id: a44430fa-51c1-40f8-3818-08d874433b2f
    X-MS-Exchange-CrossTenant-Id: 7af6c8cb-ea78-42bd-bc80-3345238bb9f4
    X-MS-Exchange-CrossTenant-AuthSource:
    BN8NAM04FT059.eop-NAM04.prod.protection.outlook.com
    X-MS-Exchange-CrossTenant-AuthAs: Anonymous
    X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
    X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR15MB1573
    MIME-Version: 1.0




  • 10.  RE: one of our domains is being email bombed by messagelabs daily

    Broadcom Employee
    Posted 10-21-2020 01:45 PM
    Hello Paul;

    The headers help but having the full message including the body would better assist in diagnosis.

    John F.
    Broadcom