PayPal has been the talk of the town the last couple of weeks – at least in the SpamAssassin User’s Group. Hackers have been sending out fraudulent Emails. They pass SPF checks. They pass DKIM signing checks. In Email, the only headers you can really trust are your own and all of the Emails were sent from outbound.protection.outlook.com. Assuming Microsoft was preserving headers correctly, then some of the bad SMTP hosts are:
66.211.170.93 66.211.170.94 173.0.84.232 173.0.84.227
You’d figure that PayPal, probably the world’s largest online payment processor, would run a tight ship. Well, you’d be wrong. I thought I’d take a shot at contacting PayPal about the problem. Even looking at the infinite SPF records they publish, you don’t have to be a rocket scientist to know that a network of ip4:66.211.170.85/30 isn’t right.
So I login to PayPal -> Contact and am greeted by their (De)?Generative AI:
IMHO, if PayPal can’t get DNS, Email, SPF, and DKIM working there is no hope for them. They shouldn’t even be allowed to sell a pencil.
Enough with this AI cow patty. What’s needed here is some actual human intelligence.