1. Diary
-
On 2025-06-04 at 16:27 removed verena@shoklo-unit.com email account in Microsoft 365 admin center.
-
On 2025-06-04 at 16:25 removed email forwarding to Verena.Carrara@unige.ch in Microsoft 365 admin center.
-
On 2025-06-04 at 16:05 changed SPF TXT DNS records at DNSMadeEasy for both the bhf-th.org and shoklo-unit.com domains.
SMRU: v=spf1 ip4:110.77.148.10 include:jrmz7l2eov.powerspf.com include:spf.protection.outlook.com ~all
=> v=spf1 include:jrmz7l2eov.powerspf.com ~all
TBHF: v=spf1 ip4:110.77.148.10 include:j6xv3tpoo5.powerspf.com include:spf.protection.outlook.com ~all
=> v=spf1 include:j6xv3tpoo5.powerspf.com ~all
-
On 2025-05-26 at 16:30 removed email forwarding to smru-it@shoklo-unit.com in the smru0it@gmail.com account.
-
On 2025-05-15 at 10:25 set the DMARC policy to reject for both the bhf-th.org and shoklo-unit.com domains.
-
On 2025-05-13 at 16:45 for the bhf-th.org domain added the ip4:110.77.148.10 string to the SPF TXT record.
-
On 2025-05-13 at 16:45 for the shoklo-unit.com domain added the ip4:110.77.148.10 string to the SPF TXT record.
-
On 2025-05-12 at 18:55 for the bhf-th.org domain removed the 0ed1fe018aff07cc27ee244f1bbf9725a068fc8648 SPF TXT record.
-
On 2025-05-12 at 18:55 for the shoklo-unit.com domain removed the 0ed1fe018acfcd3b614a2745be9861bdfa449a5cfd SPF TXT record.
-
On 2025-05-12 at 18:48 for both the bhf-th.org and shoklo-unit.com domains removed the 1st ~all string from all SPF TXT records.
-
On 2025-05-12 at 13:00 added Inbound IP shoklo-unit.com policy in Mimecast Administration Console at Gateway > Policies > Definitions > Delivery Routes.
-
On 2025-05-12 at 13:00 renamed Inbound IP policy to Inbound IP bhf-th.org in Mimecast Administration Console at Gateway > Policies > Definitions > Delivery Routes.
-
On 2025-05-12 at 11:48 for both the bhf-th.org and shoklo-unit.com domains removed the 2nd v=spf1 string from all SPF TXT records.
-
On 2025-05-12 at 10:45 for both the bhf-th.org and shoklo-unit.com domains changed all SPF TXT records from -all (Fail) to ~all (SoftFail).
-
See also SPF Authentication: SPF-all vs ~all.
-
-
On 2025-05-12 at 10:30 the following line was added for the bhf-th.org domain to the TXT DNS record with value v=spf1 include:j6xv3tpoo5.powerspf.com -all.
-
On 2025-05-12 at 10:30 the following line was added for the shoklo-unit.com domain to the TXT DNS record with value v=spf1 include:jrmz7l2eov.powerspf.com ~all.
include:spf.protection.outlook.com -all
2. Email Headers
-
Copy the header from the email to analyze.
-
Open Outlook.
-
Select the email to analyze.
-
Option 1: Select File > Properties.
-
Option 2: Select Message > Tags > Message Options by clicking on the expand icon.
-
Select the Internet headers text box.
-
Type Ctrl+A to select all the email header lines.
-
Type Ctrl+C to copy all the email header lines.
-
Select Close.
-
Close Outlook.
-
-
Browse to Learn and Test DMARC.
-
Browse to Microsoft Azure - Message Header Analyzer.
-
Browse to MX Toolbox - Email Header Analyzer.
-
Browse to PowerDMARC - MailAuth Analyzer after having signed in with smru-it@shoklo-unit.com.
2.1. Learn and Test DMARC
-
Browse to Learn and Test DMARC.
-
Right-click ld-9335588a03@learndmarc.com and select Copy email address.
-
Browse to https://temp-mail.org.
-
Click the Copy to clipboard icon.
2.1.1. Linux
-
Note: All Debian Linux servers are set up to relay their email to the Sophos firewall.
-
Enter the following commands at a Command Line.
# TBHF-ANC-MRM
echo | mail -s Test ld-9335588a03@learndmarc.com
echo | mail -s Test douwe@shoklo-unit.com,ld-9335588a03@learndmarc.com
echo | mail -s Test douwe@shoklo-unit.com,ld-9335588a03@learndmarc.com,pibef66637@inkight.com
echo | mail -s Test douwe@shoklo-unit.com,ld-9335588a03@learndmarc.com,pibef66637@inkight.com,5y37dg9y63qpz2ox@check.dmarc-dns.com
# TBHF-OPS-MRM
echo | mail -r apc299@shoklo-unit.com -s Test douwe@shoklo-unit.com,ld-9335588a03@learndmarc.com,pibef66637@inkight.com,5y37dg9y63qpz2ox@check.dmarc-dns.com
echo | mail -r apc399@shoklo-unit.com -s Test douwe@shoklo-unit.com,ld-58b02b3004@learndmarc.com,pibef66637@inkight.com,5y37dg9y63qpz2ox@check.dmarc-dns.com
# TBHF-OPS-MRM
echo "" | mail -r apc099@shoklo-unit.com -s Test douwe@shoklo-unit.com,ld-58b02b3004@learndmarc.com,pibef66637@inkight.com,5y37dg9y63qpz2ox@check.dmarc-dns.com
echo "https://pornhub.org" | mail -r apc099@shoklo-unit.com -s Test douwe@shoklo-unit.com,ld-58b02b3004@learndmarc.com,pibef66637@inkight.com,5y37dg9y63qpz2ox@check.dmarc-dns.com
2.1.2. PowerShell
-
Enter the following commands at a Command Prompt with administrative privileges.
Send-SecureEmail -From powershell@shoklo-unit.com -To ld-9335588a03@learndmarc.com
Send-SecureEmail -From apc099@shoklo-unit.com -To ld-9335588a03@learndmarc.com
Send-SecureEmail -From apc599@shoklo-unit.com -To douwe@shoklo-unit.com,ld-58b02b3004@learndmarc.com,pibef66637@inkight.com,5y37dg9y63qpz2ox@check.dmarc-dns.com
Send-SecureEmail -Body test -From apc099@shoklo-unit.com -Subject Test-099 -To douwe@shoklo-unit.com,ld-58b02b3004@learndmarc.com,pibef66637@inkight.com,5y37dg9y63qpz2ox@check.dmarc-dns.com
Send-SecureEmail -Body https://pornhub.org -From apc099@shoklo-unit.com -Subject Test-099 -To douwe@shoklo-unit.com,ld-58b02b3004@learndmarc.com,pibef66637@inkight.com,5y37dg9y63qpz2ox@check.dmarc-dns.com
2.1.3. Analyze
-
Press any key to continue in the Learn and Test DMARC webpage.
Connection parameters   Mailx               PowerShell
---------------------   -----------------   ---------------
Source IP address                           185.58.86.192
Hostname                                    eu-smtp-delivery-192.mimecast.com
Sender                                      powershell@shoklo-unit.com
SPF: Domain                                 shoklo-unit.com
SPF: Auth Result                            PASS
SPF: DMARC Alignment                        PASS
DKIM: Domain                                shoklo-unit.com
DKIM: Auth Result                           PASS
DKIM: DMARC Alignment                       PASS
DMARC: Policy (p=)                          none
DMARC: SPF                                  PASS
DMARC: DKIM                                 PASS
DMARC: DMARC Result                         PASS
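The alignment rows in the results above are what decide the DMARC result: SPF or DKIM must pass with a domain that matches the From domain. The following is an added example, not part of the original page, that derives the same verdict from an Authentication-Results header; the two headers are constructed, mx.example.net and relay.example are placeholders, and the two-label organizational-domain shortcut is an assumption.

```python
import re

def org_domain(domain):
    # Assumption: the last two labels stand in for the organizational domain;
    # a real evaluator consults the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_auth_results(value):
    """Return {method: [(result, domain), ...]} from an Authentication-Results value."""
    found = {}
    for part in value.split(";")[1:]:  # element 0 is the authserv-id
        m = re.match(r"\s*(spf|dkim)=(\w+)", part, re.IGNORECASE)
        d = re.search(r"(?:smtp\.mailfrom|header\.d)=(?:[^\s@;]*@)?([\w.-]+)", part)
        if m:
            found.setdefault(m.group(1).lower(), []).append(
                (m.group(2).lower(), d.group(1).lower() if d else None))
    return found

def dmarc_verdict(value, from_domain, strict=False):
    """DMARC passes when SPF or DKIM passes with a domain aligned to From."""
    results = parse_auth_results(value)
    from_domain = from_domain.lower()

    def ok(method):
        for result, domain in results.get(method, []):
            if result != "pass" or domain is None:
                continue
            if domain == from_domain:
                return True
            # Relaxed alignment accepts a shared organizational domain.
            if not strict and org_domain(domain) == org_domain(from_domain):
                return True
        return False

    spf, dkim = ok("spf"), ok("dkim")
    return {"spf_aligned": spf, "dkim_aligned": dkim,
            "dmarc": "pass" if spf or dkim else "fail"}

# Constructed sample headers (not captured from real mail).
ALIGNED = ("mx.example.net; spf=pass smtp.mailfrom=powershell@shoklo-unit.com; "
           "dkim=pass header.d=shoklo-unit.com")
# SPF passes, but for the relay's own bounce domain, so it does not align.
RELAYED = "mx.example.net; spf=pass smtp.mailfrom=bounce@relay.example; dkim=none"

if __name__ == "__main__":
    print(dmarc_verdict(ALIGNED, "shoklo-unit.com"))
    print(dmarc_verdict(RELAYED, "shoklo-unit.com"))
```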
3. Information
-
See SPF Authentication: SPF-all vs ~all.
host -t MX bhf-th.org
host -t TXT bhf-th.org
host -t MX shoklo-unit.com
host -t TXT shoklo-unit.com
host -t MX tropmedres.ac
host -t TXT tropmedres.ac

bhf-th.org mail is handled by 10 eu-smtp-inbound-1.mimecast.com.
bhf-th.org mail is handled by 10 eu-smtp-inbound-2.mimecast.com.
bhf-th.org descriptive text "v=spf1 include:j6xv3tpoo5.powerspf.com ~all include:spf.protection.outlook.com ~all"
bhf-th.org descriptive text "0ed1fe018aff07cc27ee244f1bbf9725a068fc8648"
shoklo-unit.com mail is handled by 10 eu-smtp-inbound-2.mimecast.com.
shoklo-unit.com mail is handled by 10 eu-smtp-inbound-1.mimecast.com.
shoklo-unit.com descriptive text "v=spf1 include:jrmz7l2eov.powerspf.com ~all include:spf.protection.outlook.com ~all"
shoklo-unit.com descriptive text "0ed1fe018acfcd3b614a2745be9861bdfa449a5cfd"
tropmedres.ac mail is handled by 10 eu-smtp-inbound-1.mimecast.com.
tropmedres.ac mail is handled by 10 eu-smtp-inbound-2.mimecast.com.
tropmedres.ac descriptive text "v=spf1 include:1z9h5olkwk.powerspf.com ~all"
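The bhf-th.org and shoklo-unit.com TXT records above each carry two all mechanisms, which is what the diary entries about removing the 1st ~all and the 2nd v=spf1 string cleaned up. The following is an added example, not part of the original page, that lints a TXT record set for those two faults; BEFORE and AFTER are the bhf-th.org records shown on this page, SPLIT is constructed.

```python
import re

ALL_RE = re.compile(r"^([+\-~?]?)all$", re.IGNORECASE)
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lint_spf(txt_records):
    """Lint one domain's TXT record set; return (effective_all, issues)."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    issues = []
    if not spf:
        return None, ["no v=spf1 record published"]
    if len(spf) > 1:
        # RFC 7208 section 4.5: more than one SPF record is a permerror.
        issues.append(f"{len(spf)} v=spf1 records: receivers return permerror")
    terms = spf[0].split()[1:]
    if any(t.lower() == "v=spf1" for t in terms):
        issues.append("second v=spf1 token inside the record")
    effective = None
    for i, term in enumerate(terms):
        m = ALL_RE.match(term)
        if m:
            # RFC 7208 section 5.1: mechanisms after "all" are never tested,
            # so any include listed after it authorizes nothing.
            effective = QUALIFIER[m.group(1) or "+"]
            ignored = terms[i + 1:]
            if ignored:
                issues.append("never evaluated after first all: " + " ".join(ignored))
            break
    if effective is None:
        issues.append("no all mechanism")
    return effective, issues

# bhf-th.org TXT records as shown in the host output on this page.
BEFORE = ["v=spf1 include:j6xv3tpoo5.powerspf.com ~all "
          "include:spf.protection.outlook.com ~all",
          "0ed1fe018aff07cc27ee244f1bbf9725a068fc8648"]
# bhf-th.org record after the 2025-06-04 change in the diary.
AFTER = ["v=spf1 include:j6xv3tpoo5.powerspf.com ~all"]
# Constructed: the same includes published as two separate SPF records.
SPLIT = ["v=spf1 include:jrmz7l2eov.powerspf.com -all",
         "v=spf1 include:spf.protection.outlook.com -all"]

if __name__ == "__main__":
    for name, rrset in (("before", BEFORE), ("after", AFTER), ("split", SPLIT)):
        print(name, lint_spf(rrset))
```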
4. SMTP
-
Enter the following commands at a Command Prompt.
nslookup.exe -type=mx shoklo-unit.com
nslookup.exe -type=mx bhf-th.org
nslookup.exe -type=mx tbhf.onmicrosoft.com

Server: SMRU-AD02.smru.shoklo-unit.com
Address: 10.10.1.1
Non-authoritative answer:
shoklo-unit.com MX preference = 0, mail exchanger = shoklounit-com01e.mail.protection.outlook.com
shoklounit-com01e.mail.protection.outlook.com internet address = 104.47.124.36
shoklounit-com01e.mail.protection.outlook.com internet address = 104.47.125.36

Server: SMRU-AD02.smru.shoklo-unit.com
Address: 10.10.1.1
Non-authoritative answer:
bhf-th.org MX preference = 0, mail exchanger = bhfth-org0i.mail.protection.outlook.com

Server: SMRU-AD02.smru.shoklo-unit.com
Address: 10.10.1.1
Non-authoritative answer:
tbhf.onmicrosoft.com MX preference = 0, mail exchanger = tbhf.mail.protection.outlook.com
-
See https://serverfault.com/questions/148401/how-do-i-check-a-ptr-record.
dig -x 110.77.148.10 @8.8.8.8
get-publicgeoinfo
nslookup.exe -type=ptr 110.77.148.10

Server: SMRU-AD02.smru.shoklo-unit.com
Address: 10.10.1.1
Non-authoritative answer:
10.148.77.110.in-addr.arpa name = mail.shoklo-unit.com
telnet mail.shoklo-unit.com 25
telnet shoklo-unit.com 25