cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

marketing mail from sap via mktomail.com

thomas_langeneck
Discoverer

on ‎2023 Dec 04 11:04 AM

0 Kudos
612

We got a huge amount of suspicious mails from sap.com.
When we examined the header file we found as sender nktomail.com.

Is there a posibility to verify this mails?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

martin_parent
Product and Topic Expert
Product and Topic Expert
‎2023 Dec 04 1:45 PM
0 Kudos

Hello Thomas,

Based on mxtoolbox, online tool, that domain mktomail would be owned by Adobe inc. This tool offers many checks that you can perform. I noticed one of their IPs 199.15.214.178 seems blacklisted by UCEPROTECTL3 , but overall all other IPs seem to be good and the domain seems to be healthy.

Why do you believe SAP Marketing is sending those emails if the sender email domain is mktomail? Where do you see SAP's domain?

Best regards,

Martin.

Show replies
Show replies
thomas_langeneck
Discoverer
‎2023 Dec 05 5:34 AM
0 Kudos

Hello Martin,

you are right. I can't see SAP's domain in the header. That's the reason, why we handled the mails as suspicious.

And I'm asking this Question.

spam-suspicious.jpg

Although the look and feel ist consistent

spam-suspicious-picture.jpg

martin_parent
Product and Topic Expert
Product and Topic Expert
‎2023 Dec 05 4:25 PM
0 Kudos

Hello Thomas,

@mail.sap.com is a valid SAP domain which is protected by DMARC, DKIM, SPF so those emails are legitimate if SPF passed they are authenticated and delivered to recipient's mailbox. Adobe might be an intermediate server here. You need to analyze the email properties headers (e.g. SPF, DKIM, sender, return-path) but high chances those emails are correct. I couldn't see anything suspicious based on provided screenshots.

Regards,

Martin.

Ask a Question