From: Frank Bulk
To: "surgemail-list@netwin.co.nz" <surgemail-list@netwin.co.nz>
Subject: [SurgeMail List] IMAP used to find gift cards
Date: Wed, 8 Sep 2021 16:57:33 +0000
Here's a good article on this topic of using IMAP's search to find gift cards: https://krebsonsecurity.com/2021/09/gift-card-gang-extracts-cash-from-100k-inboxes-daily/
Apparently if we could search our IMAP logs we would be able to find signs of this activity ... but I don't think SurgeMail (by default) retains a verbose log of all the IMAP activity, which would be a lot.
Is there a way that just IMAP SEARCH activity could be verbosely logged?
Frank
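
As an added example (not part of the original message, and not SurgeMail code): one way to sift a verbose IMAP command log for the SEARCH activity discussed above. The log layout, the sample lines and the watch-list terms are all constructed assumptions; SurgeMail's real log format is not shown on this page.

```python
import re
from collections import defaultdict

# Assumed (hypothetical) log layout, NOT SurgeMail's own format:
#   <timestamp> <client-ip> <login> C: <tag> [UID ]SEARCH <search keys>
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) C: (\S+) (?:UID )?SEARCH (.*)$', re.I)
# RFC 3501 search keys that take one string argument (quoted string or atom).
KEY_RE = re.compile(
    r'\b(BCC|BODY|CC|FROM|SUBJECT|TEXT|TO)\s+(?:"((?:[^"\\]|\\.)*)"|(\S+))', re.I)
CONTENT_KEYS = {"TEXT", "BODY", "SUBJECT"}          # keys that match message content
WATCH_TERMS = ("gift card", "giftcard", "egift")   # constructed watch list

def search_terms(args):
    """Return (key, lower-cased string) pairs for content-matching search keys."""
    out = []
    for key, quoted, atom in KEY_RE.findall(args):
        if key.upper() in CONTENT_KEYS:
            value = re.sub(r'\\(.)', r'\1', quoted or atom)  # undo IMAP quoting
            out.append((key.upper(), value.lower()))
    return out

def flag_searches(lines):
    """Map client IP -> sorted logins whose SEARCH used a watch-list term."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a SEARCH command, or an IMAP literal ({n}) continuation
        _ts, ip, login, _tag, args = m.groups()
        if any(t in value for _key, value in search_terms(args) for t in WATCH_TERMS):
            hits[ip].add(login)
    return {ip: sorted(users) for ip, users in hits.items()}

# Constructed sample lines (documentation IP ranges, example.com logins).
SAMPLE = [
    '2021-09-08T16:00:01Z 198.51.100.7 alice@example.com C: a1 SELECT INBOX',
    '2021-09-08T16:00:02Z 198.51.100.7 alice@example.com C: a2 UID SEARCH TEXT "gift card"',
    '2021-09-08T16:00:09Z 198.51.100.7 bob@example.com C: b2 SEARCH CHARSET UTF-8 SUBJECT "Your eGift Card"',
    '2021-09-08T16:03:40Z 192.0.2.10 carol@example.com C: c3 UID SEARCH SINCE 1-Sep-2021 FROM "frank"',
    '2021-09-08T16:03:41Z 192.0.2.10 carol@example.com C: c4 SEARCH SUBJECT invoice',
]

if __name__ == "__main__":
    for ip, users in flag_searches(SAMPLE).items():
        print(f"{ip}: watch-list SEARCH against {len(users)} login(s): {', '.join(users)}")
```

One client IP running watch-list searches against several logins is the pattern worth reviewing first; search strings sent as IMAP literals (`{n}`) span multiple lines and are not handled by this sketch.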