on 2023 Dec 04 11:04 AM
We got a huge amount of suspicious mails from sap.com.
When we examined the header file we found as sender nktomail.com.
Is there a posibility to verify this mails?
Hello Thomas,
Based on mxtoolbox, online tool, that domain mktomail would be owned by Adobe inc. This tool offers many checks that you can perform. I noticed one of their IPs 199.15.214.178 seems blacklisted by UCEPROTECTL3 , but overall all other IPs seem to be good and the domain seems to be healthy.
Why do you believe SAP Marketing is sending those emails if the sender email domain is mktomail? Where do you see SAP's domain?
Best regards,
Martin.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Martin,
you are right. I can't see SAP's domain in the header. That's the reason, why we handled the mails as suspicious.
And I'm asking this Question.
Although the look and feel ist consistent
Hello Thomas,
@mail.sap.com is a valid SAP domain which is protected by DMARC, DKIM, SPF so those emails are legitimate if SPF passed they are authenticated and delivered to recipient's mailbox. Adobe might be an intermediate server here. You need to analyze the email properties headers (e.g. SPF, DKIM, sender, return-path) but high chances those emails are correct. I couldn't see anything suspicious based on provided screenshots.
Regards,
Martin.
User | Count |
---|---|
12 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.