I'm getting the dumbest spam ever lately...

Yeah I've been getting an uptick in the same stuff lately. It's easy enough to ignore, but from time to time I ignore something legit and that ends up biting me.

quote:

---

What kinda idiot wouldn't notice something so obvious and why do these cock suclkers think it will work

---

Because it does work. That's why they keep doing it.

The consulting company I'm working for sent out a notice about this Docusign scam this AM. They use M365, which is funny. M365 blocks emails from H-E-B for me, but doesn't catch scammy shite like this (yet.)

quote:

---

Yep, I ignored him. I'm not in the habit of responding to know it all dumb asses like TigerGman.

---

quote:

---

The usual bullshite. Signed this Docusign. Enter your email passwords to access this site through Outlook. All the usual bullshite.

But something new last month.

The emails are coming to me FROM me! Same email address!

What kinda idiot wouldn't notice something so obvious and why do these cock suclkers think it will work? Anybody else seeing this?

---

get the email source code and feed it into an ai bot like claude and have them look at why it made it into your inbox. you probably have your dmarc not setup properly. I just went thru this over the last few weeks and I cut out 99.9% of this type of bullshite.

Starting point
Your domains were at p=none — DMARC was monitoring only, not enforcing. Anyone could spoof your domains and mail would still deliver.
SPF
Both domains were configured with include:spf.protection.outlook.com pointing to Microsoft 365. One domain had an additional legitimate third-party sender included for a business invoicing/accounting service. Both use hard fail (-all) meaning anything not on the list is rejected outright.
DKIM
Verified DKIM was enabled and working on your primary domain using selector1 via Microsoft 365. Your secondary domain was confirmed to be missing DKIM — still an open action item to enable it in the Defender portal.
DMARC progression
Walked through the full progression from p=none ? p=quarantine ? p=reject. Both domains are now at p=reject with sp=reject covering subdomains as well. Reporting (rua) is configured to consolidate to a single mailbox on your primary domain.
DMARC reports reviewed
Analyzed four aggregate reports from three different reporters covering two consecutive 24-hour windows. All outbound mail from your primary domain passed SPF and DKIM cleanly across all reporters. One spoofing attempt against your secondary domain was detected and rejected — DMARC enforcement worked exactly as intended.
Inbound threat — spam/malware email
Analyzed a suspicious inbound email with a randomly named PDF attachment and near-empty body. Determined it got through because it originated from legitimate mail infrastructure and passed all authentication checks — a content/behavior problem, not an authentication one. Identified three mitigations: Safe Attachments (requires license verification), a custom Exchange mail flow rule targeting empty-body + PDF attachment combinations, and tightening the phishing action from Junk to Quarantine in the anti-spam policy.
Open action items

Enable DKIM on secondary domain in Defender portal
Confirm Microsoft 365 license tier to determine Safe Attachments availability
Change phishing message action to Quarantine in anti-spam policy
Consider Exchange mail flow rule for empty-body + attachment pattern