[HLUG] Odd security email

Julian Robbins joolsr1 at gmail.com
Sun Oct 13 22:04:15 UTC 2019 

Headers look ok to me.

Authentication-Results: mx.google.com;
       dkim=pass header.i=@booking.com header.s=bk header.b=G0zx9DNF;
       spf=pass (google.com: domain of noreply at mailer.booking.com
designates 37.10.30.5 as permitted sender) smtp.mailfrom=
noreply at mailer.booking.com;
       dmarc=pass

SPf and Dkim are ok....

Julian

On Sun, 13 Oct 2019 at 23:02, Julian Robbins <joolsr1 at gmail.com> wrote:

> Delivered-To: joolsr1 at gmail.com
> Received: by 2002:a25:e6cb:0:0:0:0:0 with SMTP id d194csp3229343ybh;
>         Sun, 13 Oct 2019 04:09:29 -0700 (PDT)
> X-Google-Smtp-Source: APXvYqxcxL4Jog8KOMbIkM9j6fwn3dE9bkL0AshIlePkcCAy4LM+iL6ZeCM0WPOLlg9EUfY3epg9
> X-Received: by 2002:a50:d794:: with SMTP id w20mr23191759edi.258.1570964969771;
>         Sun, 13 Oct 2019 04:09:29 -0700 (PDT)
> ARC-Seal: i=1; a=rsa-sha256; t=1570964969; cv=none;
>         d=google.com; s=arc-20160816;
>         b=0GkNK33QP4y44R5WIx1TFnq3OuLqyyD5JSCGVdQSB4scSPw8ir6ZIpw5GGv2vQVvzG
>          h5C3XQCHVKY4NX/IYoW+b/fOrVntaYggEGRBdNjYF9JT+ywdIowRaGkQZkhVI9Iryq+E
>          CCtwVZESLnMjCY/xatPgG5Vp6JPhwfZAcc8bHELOoSerVWxst7KoFm5sGadSFHN75MbS
>          hL0pmM28dotaEEEUUALuc9n/BgtQk6L6WSnh2vSQtXaxLyMhJI/y1m17vSVoYAHbTOGC
>          oGE7KXlSPeknPW1LJLsFxWqfRz5/e0BZlTDfpuxTUszaMz/MBAItggantuRUMTWa4Ecg
>          InQQ==
> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
>         h=message-id:sender:from:to:subject:reply-to:date:mime-version
>          :dkim-signature:content-transfer-encoding;
>         bh=qo9stLkA7jDx1CC8eXAeu3vu6MeGIrIbzZkqHrTbe6A=;
>         b=JLnTVmjzS2o/dCdiiqRyeeVpOVYoe1h/Y7MNfKVmVtV/g21EvtVEm32eRe8mVvVjwS
>          KH+ULR+Wn4MGQA713Hm6JFg4aDs5wkPBS5v1Zql3JeaJmSKmHsXECy+bGo1zICEtRCRa
>          pduSev4svTEROo3iT4EavKehK1c3i+R/G217w6WryNqiahOvkLCy4jgLcPfeBHMk7u0N
>          f3XPWbDcy+lTlRBIuG0yczwqHAXGDMySjserIzi36nJTZ06ESznGA/ztGb4aSVv3+Bjj
>          enxp8GF9a4YwCVbpuT6Tp8U0dYcY9K6uS8WkAz192nbLn7btsOzszhZmP2miOOsHV3Wt
>          Fm5g==
> ARC-Authentication-Results: i=1; mx.google.com;
>        dkim=pass header.i=@booking.com header.s=bk header.b=G0zx9DNF;
>        spf=pass (google.com: domain of noreply at mailer.booking.com designates 37.10.30.5 as permitted sender) smtp.mailfrom=noreply at mailer.booking.com;
>        dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=booking.com
> Return-Path: <noreply at mailer.booking.com>
> Received: from mailout-202-r4.booking.com (mailout-202-r4.booking.com. [37.10.30.5])
>         by mx.google.com with ESMTPS id h90si10371992edd.178.2019.10.13.04.09.29
>         for <joolsr1 at gmail.com>
>         (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
>         Sun, 13 Oct 2019 04:09:29 -0700 (PDT)
> Received-SPF: pass (google.com: domain of noreply at mailer.booking.com designates 37.10.30.5 as permitted sender) client-ip=37.10.30.5;
> Authentication-Results: mx.google.com;
>        dkim=pass header.i=@booking.com header.s=bk header.b=G0zx9DNF;
>        spf=pass (google.com: domain of noreply at mailer.booking.com designates 37.10.30.5 as permitted sender) smtp.mailfrom=noreply at mailer.booking.com;
>        dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=booking.com
> Content-Transfer-Encoding: binary
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=booking.com; s=bk; t=1570964969; bh=qo9stLkA7jDx1CC8eXAeu3vu6MeGIrIbzZkqHrTbe6A=; h=Content-Type:MIME-Version:Date:Reply-To:Subject:To:From:Sender:
> 	 Message-Id:From; b=G0zx9DNFiMTyUbeyJz6ogUVW2y/76u14/OzWF88P8/tR7Jx0lQsIyb++a62mdIGdz
> 	 ZXP3qz029XCq2UhqaH0QTOyx1JB0WxqAjxCfFcQnS1GgmzuZIZSf5gfS9F+CyCRfTj
> 	 FfDG9KlkXOQq+prAp55JRV3/pg/cQ3MEyu82ELzg=
> Content-Type: multipart/alternative; boundary="_----------=_157096496947428667"
> MIME-Version: 1.0
> Date: Sun, 13 Oct 2019 13:09:29 +0200
> Reply-To: noreply at booking.com
> Subject: As a precaution, you need to reset your Booking.com password
> To: joolsr1 at gmail.com
> From: noreply at booking.com
> Sender: noreply at booking.com
> X-Bme-Id: 12464730202
> Message-Id: <46rf8n2wSHzyD7 at outgoing--mailrouter-206.lhr4.prod.booking.com>
>
>
>
> On Sun, 13 Oct 2019 at 22:53, Keith Edmunds via Herefordshire <
> herefordshire at mailman.lug.org.uk> wrote:
>
>> > I just received the email purporting to be from booking.com
>>
>> Paste the headers.
>> --
>> "You can lead a horse to water but you can't make it learn grammar" -
>> Reddit
>>
>> --
>> Herefordshire LUG mailing list
>> Web:  http://www.herefordshire.lug.org.uk
>> List: https://mailman.lug.org.uk/mailman/listinfo/herefordshire
>
>

More information about the Herefordshire mailing list