Generally the spam e-mails I've always received have content purporting to be from reputable companies, but taking a look inside the e-mail I can generally see that they came from a misspelled or totally wrong sender.
Well, now I've just received one spam e-mail that really seems to come from the correct domain of a bank, and I wonder how spammers are able to modify the sender in order to pretend to be the correct mail of a company.
So I checked the header of the e-mail and I found a couple of things that I would like to understand, if you can explain them to me and maybe help me avoid these tricky spam e-mails.
One is this SPF error that I don't understand:
Received-SPF: softfail
(spoofeddomain.it: Sender is not authorized by default to use 'info@spoofeddomain.it' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched))
receiver=mail.mydomain.com;
The second one is that inside the header of the mail I see these two fields, X-AuthUser and From, that are different, and I would like to understand how spammers can send e-mail impersonating info@spoofed.com when in reality they are info@bargainsteel.co.nz.
X-AuthUser: info@bargainsteel.co.nz
From: BANK <info@SpoofedDomain.com>
To: <mymail@mydomain.ch>
Subject: Sicurezza
Date: Mon, 20 Jan 2020 16:19:41 +0100
Message-ID: <20200120161941.8F6A72FC2DF42A30@Bank.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Source-IP: 185.12.20.226
X-Exim-ID: 20200120161941.8F6A72FC2DF42A30
X-Sender-Auth: info@bargainsteel.co.nz
X-Local-Domain: bargainsteel.co.nz
Return-Path: info@SpoofedDomain.com
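
An added example, not part of the original post: a header check that flags the two signals visible above, a Received-SPF result other than pass and a From domain that differs from the account named in X-AuthUser / X-Sender-Auth. It assumes those two non-standard headers carry the account that authenticated to the sending server; `check_headers` and `domain_of` are names chosen for this sketch, and the sample is a shortened copy of the posted headers.

```python
from email import message_from_string
from email.utils import parseaddr

# Shortened copy of the headers posted above (already anonymised by the poster).
SAMPLE = """\
Received-SPF: softfail (spoofeddomain.it: mechanism '~all' matched)
 receiver=mail.mydomain.com;
X-AuthUser: info@bargainsteel.co.nz
From: BANK <info@SpoofedDomain.com>
To: <mymail@mydomain.ch>
Subject: Sicurezza
X-Sender-Auth: info@bargainsteel.co.nz
Return-Path: info@SpoofedDomain.com

"""

def domain_of(value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_headers(raw):
    """Return a list of findings for one message's raw headers."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    # The first token of Received-SPF is the result (pass, softfail, fail, ...).
    spf = (msg["Received-SPF"] or "").split(None, 1)
    result = spf[0].lower() if spf else "none"
    if result != "pass":
        findings.append(f"spf:{result}")
    # Assumption: these headers name the account that logged in to send the mail.
    for name in ("X-AuthUser", "X-Sender-Auth"):
        auth_dom = domain_of(msg[name])
        if auth_dom and auth_dom != from_dom:
            findings.append(f"{name.lower()}:{auth_dom}!=from:{from_dom}")
    return findings

if __name__ == "__main__":
    for finding in check_headers(SAMPLE):
        print(finding)
```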