I got this from Chantelle.
Received: from SN1NAM02HT001.eop-nam02.prod.protection.outlook.com
(10.169.33.178) by SN1PR19MB0463.namprd19.prod.outlook.com with HTTPS via
SN1PR17CA0040.NAMPRD17.PROD.OUTLOOK.COM; Mon, 17 Jul 2017 18:11:50 +0000
Received: from SN1NAM02FT008.eop-nam02.prod.protection.outlook.com
(10.152.72.55) by SN1NAM02HT001.eop-nam02.prod.protection.outlook.com
(10.152.73.30) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1240.9; Mon, 17
Jul 2017 18:11:50 +0000
Authentication-Results: spf=pass (sender IP is 50.19.253.65)
smtp.mailfrom=toastmastersclubs.org; hotmail.com; dkim=pass (signature was
verified) header.d=toastmastersclubs.org;hotmail.com; dmarc=pass action=none
header.from=toastmastersclubs.org;
Received-SPF: Pass (protection.outlook.com: domain of toastmastersclubs.org
designates 50.19.253.65 as permitted sender) receiver=protection.outlook.com;
client-ip=50.19.253.65; helo= toastmastersclubs.org;
Received: from BAY004-MC1F54.hotmail.com (10.152.72.59) by
SN1NAM02FT008.mail.protection.outlook.com (10.152.72.119) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.1240.9 via Frontend Transport; Mon, 17 Jul 2017 18:11:48 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:52A534C6C30E2DC99D91A3BC4D2A953358C06CA5D050BEC3505F706CE6EC8FA1;UpperCasedChecksum:4F8672525E695D6082FC6F5730CBDBF8FC77E48EBE42B1F21042CE7330E950FA;SizeAsReceived:3367;Count:33
Received: from toastmastersclubs.org ([50.19.253.65]) by BAY004-MC1F54.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143);
Mon, 17 Jul 2017 11:11:47 -0700
Received: from localhost.localdomain (toastmastersclubs.org [127.0.0.1])
by toastmastersclubs.org (8.14.4/8.14.4) with ESMTP id v6HIBkkL020513
for <chantdoerksen@hotmail.com>; Mon, 17 Jul 2017 18:11:46 GMT
Message-ID: <201707171811.v6HIBkkL020513@toastmastersclubs.org>
Received: from smtp105.iad3a.emailsrvr.com (smtp105.iad3a.emailsrvr.com [173.203.187.105])
by toastmastersclubs.org (8.14.4/8.14.4) with ESMTP id v6HIBjk3020494
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
for <treasurer@valenciatoastmasters.com>; Mon, 17 Jul 2017 18:11:45 GMT
Received: from smtp14.relay.iad3a.emailsrvr.com (localhost [127.0.0.1])
by smtp14.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 5CBC825378
for <treasurer@valenciatoastmasters.com>; Mon, 17 Jul 2017 14:11:45 -0400 (EDT)
Received: from app11.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140])
by smtp14.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 4E222251F7
for <treasurer@valenciatoastmasters.com>; Mon, 17 Jul 2017 14:11:45 -0400 (EDT)
X-Sender-Id: national@reagan.com
Received: from app11.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140])
by 0.0.0.0:25 (trex/5.7.12);
Mon, 17 Jul 2017 14:11:45 -0400
Received: from reagan.com (localhost [127.0.0.1])
by app11.wa-webapps.iad3a (Postfix) with ESMTP id 3EB82403F1
for <treasurer@valenciatoastmasters.com>; Mon, 17 Jul 2017 14:11:45 -0400 (EDT)
Received: by webmail.reagan.com
(Authenticated sender: national@reagan.com, from: president@valenciatoastmasters.com)
with HTTP; Mon, 17 Jul 2017 13:11:45 -0500 (CDT)
X-Auth-ID: national@reagan.com
Date: Mon, 17 Jul 2017 13:11:45 -0500 (CDT)
Subject: [Valencia] Wire funds Payment
From: "Mindy Lam via Toastmasters Club 1670" <server@toastmastersclubs.org>
To: "treasurer@valenciatoastmasters.com" <chantdoerksen@hotmail.com>
Reply-To: president@valenciatoastmasters.com
Content-Type: multipart/alternative;
boundary="----=_20170717131145000000_95740"
X-Type: html
X-Mailer: webmail/12.9.4-RC
X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_05,
FREEMAIL_FORGED_REPLYTO,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,
RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_PASS autolearn=ham
autolearn_force=no version=3.4.0
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
toastmastersclubs.org
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed; d=toastmastersclubs.org;
h=cc:content-transfer-encoding:content-type:date:from
:mime-version:reply-to:sender:subject:to; s=default; bh=5Dc1AFBN
ACsYZxLDLU6FWApyb9hb7GP1g5cdJrXk2nQ=; b=v2xkt5/5feBFjwYBHu3Gb7nH
hAMKNq2iOUTwd2brN3sGAnsnO7DzM1JZL+NMwj1a5o9t5w5Wg0J+hp3R++saOOeQ
IPrMjNlUANPzikB7nTicw75dhnsBP87XhkIvvJZPOch53s9gYzdtRowdgqJMD2Rs
YaYDW7W3luXuXM/OKyQ=
X-Google-DKIM-Signature:
X-Loop: server@toastmastersclubs.org
CC:
Sender: president@valenciatoastmasters.com
Errors-To: president@valenciatoastmasters.com
Content-Transfer-Encoding: 7bit
Return-Path: server@toastmastersclubs.org
X-OriginalArrivalTime: 17 Jul 2017 18:11:47.0705 (UTC) FILETIME=[27B40690:01D2FF28]
X-IncomingHeaderCount: 33
X-MS-Exchange-Organization-Network-Message-Id: 9f0661c0-15d4-4a63-7bb5-08d4cd3f4b8a
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
CMM-sender-ip: 50.19.253.65
CMM-sending-ip: 50.19.253.65
CMM-Authentication-Results: hotmail.com; spf=pass (sender IP is 50.19.253.65;
identity alignment result is pass and alignment mode is relaxed)
smtp.mailfrom=server@toastmastersclubs.org; dkim=pass (identity alignment
result is pass and alignment mode is relaxed) header.d=toastmastersclubs.org;
x-hmca=pass header.id=server@toastmastersclubs.org
CMM-X-SID-PRA: server@toastmastersclubs.org
CMM-X-AUTH-Result: PASS
CMM-X-SID-Result: PASS
CMM-X-Message-Status: n:n
CMM-X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0w
CMM-X-Message-Info: NhFq/7gR1vRCsK3gkRw3VF3PCsFntVdKDGXx4dBJm1j1i4QegK7elbMZ7nyYVjCae6drgQYsx5CVGynp+xjSQV3wGs65mNj6Pa4EW9YaR53yjwkH6xYIUou83wDF4UbrOKHMnr5i+R1vCpmp5TkAy857ZhhpSNuhqWu6pcMpG5oHDHfrsB+gr1GPnuRTTcsCeFBMtbNOWMiBuf5rkiv11wG+YU+St7e54Z4S7ueL8Hc/Y4XSRznU80wotQGHL0Rh
X-MS-Exchange-Organization-PCL: 2
X-Microsoft-Exchange-Diagnostics: 1;SN1NAM02FT008;1:9CToCxV4N18o8ZqKe8pWUxWSaLZRFGvre1oQyUhzYIqABUUg9bRhkBRlEdpZe0VLCKp7lJ+eLifFJNLoGxTE+AQ1GhP8QwHD9KkKhemt1iR6t861bOqzJACEtSqRB6oPnnk7oAEsxG7JLYoj63PagvpAlOj9ET9tMpMs1DLtyZP5yyeYka/BD9BlS3AIfP2KnWGoJdKlfaigxAKbmsyPGekqQ7qdqkQvYvQQqfTNdLoK7OnaYXgPlP7XfSwsovPttp5QM+kUu9H5vGDAZlp1rSkQ/UGibcCD1C1uo58xuxzc4dIHSROS7xq5vOsFe1yWallNW8YiR54mY9wvgWMcCYbvgZPwbTfmisY28380rryUnnEGUGJvtxGcelr4Q5iJJ9CRnlZY3xuBRRCfuRRM1abQP3kS4fD4L5PnsztRVVvkg+bP9629EYpbQ6ObVF9o0SMZi3SbbULS9ixwnO8gxteGnm7QYMemYSBS9wSEuBmnxCGdr7owzhNVGQ36mznK
X-Forefront-Antispam-Report: EFV:NLI;SFV:NSPM;SFS:(98901004);DIR:INB;SFP:;SCL:1;SRVR:SN1NAM02HT001;H:BAY004-MC1F54.hotmail.com;FPR:;SPF:None;LANG:en;
X-MS-Exchange-Organization-AuthSource: SN1NAM02FT008.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 9f0661c0-15d4-4a63-7bb5-08d4cd3f4b8a
X-Microsoft-Antispam: BCL:3;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(23075)(8291501071);SRVR:SN1NAM02HT001;
X-Microsoft-Exchange-Diagnostics: 1;SN1NAM02HT001;3:UCbzMW136DnKU60Hw1cO7lAMRFGtxnNfajm5VR+PnnFBcasqjexiL5z7ACoZfzmZXrnzyPQ5Eb6aOYiDYhX4EXDCzQON/Flii7uEKDGqXir09XkjxcWXWBOse5Tc9vKZTrpA1+dF9c46tYvSlBhKJ8AyOGQFuJKsprQoEokS64vzfhgsTvNCokmwXa4h2wg/8OEBiO2tee7ROR8S7hCrW/B4DgImmw3tq6kL5SmBIA1AiSN7BCjeurL90ZcFyaAIUA9usultNTBqcUKsjwxjUknYs2/fHAllB0uS7iAg2r8qKV5LGkYK6fejXVof9SMchm9AbOXowEsYyACVGLhNvzlobRvKULtUoEJ0J9+2gB/z4cQdvxn63l+pBj8bFQatIeVziy0bgiCNDJ5EDY1fHOnbkThU7bcum8WkqCVyDOoZKa+7cegWD0BT/jOtf/KARTJ9LeAV6ELPu9Iz5zhwcmkatv1AakPLC38OzzSCocEN1rayolchROSXsYNVzZnT7TfgRL7XEll0mNPqqnXQzn8CNFeUHalRIH39Gf/JJms=
X-MS-TrafficTypeDiagnostic: SN1NAM02HT001:
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;SN1NAM02HT001;25:kRcEMcLr5a0WfgGEP/f8I3vZa6H1DRfFKFLw5/Ul/?=
=?us-ascii?Q?uMimLKjVvUIY/hVj9Dd7S76hw8+EHFY1RYwl07+IVh4XUTPANwMULVMldqz6?=
=?us-ascii?Q?8vnd4JjXqmc1aq1m0XxcRCEVGzrgt9SodbYW9r7twHkMbu9R/Mifi0KKCdWK?=
=?us-ascii?Q?9stEXyB5aydgsISL+uWVq3dLHH8OiUinzdtsNOTRlAgVmxNURlirDAmkj3L4?=
=?us-ascii?Q?RHFlK9E+Xw6ZchL7nIbav3nCsvw+WiAw8zoVxbblKBR7ZiLtPVOEMQZGUAIJ?=
=?us-ascii?Q?zkqnAakGnqXVoZTCN5oO1blquWnaEO324ViF/svJorNt1cDmihaTQuHTSqLr?=
=?us-ascii?Q?uMDe+MC6V1sRWa2EEREGKu58xKkrPENnkT2Kf6DhV39QpVkNVRCTd238Eciy?=
=?us-ascii?Q?erGhL50iM3jjSQApBIcHRjPhlFE9e3nSD/Z+MeNAudsoq2Z2qe4OvI4hqu7V?=
=?us-ascii?Q?afq3HqJDG80WyvWAzCW5tbExzeItXfVK3qjI3iyNUsQ2S1bhWayp39K6Y/rc?=
=?us-ascii?Q?okWHIKhg8PRRCE/dRhw3KH+PApE58Jx2Tlq4GpwZvLG/CVjw5TASdQCUTy20?=
=?us-ascii?Q?uPLCcC9naSg8MF6+/pxHsWRdxezgUIEIbHXRa3Cbq9DXD13TLRK1NPzXOe2l?=
=?us-ascii?Q?0GZ5T6dFHx1TDDuIwq27I5+vnimFyr3f0pcyVOZ2A//eWt9lo1sjIncPvna6?=
=?us-ascii?Q?+j2qMws9dOlKMVhxSAvm8Q628nX8fNuT8XgkZ4JeTo1pfwMZOSJWzVVjhglz?=
=?us-ascii?Q?/+jk+v8eXOAxLIWDLsXr4J1dcxR7oV6sPSpevFDF9Cnu6pHl9urunyCBErcf?=
=?us-ascii?Q?2LUd5pvbFkPDHsRUOc/TSXSz6ot3zq+qDZ7Ms0ZardXkYNwQMimFXNjTX8SB?=
=?us-ascii?Q?eQHLIVlwXsqxe5Eqyi/DGdnc4h4FJV2dtT8nmag6t4/rPtOauWeglEbr7KsJ?=
=?us-ascii?Q?P8XMcfK5DnnKyEwQoaj7TAnH+McFrY0BC42u5JG5Wsm83kLh0VACKbMrN0J5?=
=?us-ascii?Q?c3Hf1/qrkSY5hcM0bDvOUUd?=
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics: 1;SN1NAM02HT001;31:KkTsD2BogkUt2D9vCaSD2akjRBYu3xbBJY3J0CaIpvnnp8mRoYndKT7D5K5baadT0Oal16tLtyJHDRjgCc8RTZibZ4DtDc5JnF52ygA0FNxLLtcYY9lPg4LmiKDHkhv4XnyQHxeS0NCnB/G/YSYFMi5KLiyXv/dSHKuujCeaL8Ba9D7NHdkCxeyp3gkeelkF3XBeFzBD+6L8/HqTFb9ZsT7ojQFGaecFcH6Cno0HGr0Mv0xSiA8lb7BRVLSmnBT3GTukRugdN00Q/Ytg3fFpentYtyWqfHeapGNilZSKl//d0dkndxXt762rbsI7IivHUkbrvb5eQu0D55TzNSPsF9YkwY3pKcz6DauwfZJwpcbdteR8vYYyg+AZIOCQLW3ayyYw57Rp4dLaADfEOQsqSjhl00zy7iuyN1cuX/wqmyP5uXAxPEDUSjoVIXFCtCAE6DOnD7mSR1NsPEPdDDmCvaVyXG8yByoh9cVbhNQE9v0GEhA0ZmyPAmFQDCTvhbrvQwy+RxMZnIhFE5a3jyYr8eJfNLLkdQXJZXdVzNrXkAXpYvGjCvyq2QcLldv3zGKKZ1wiScOlZGfV7SSoTu7xnbhuXRe+S+AQOUTpdGq9fmDZbL23/mNtuazzYLqs5Vhrv8hpcxVEEXF+DtolDgtCvw2U0skSZYeJVL7Sk2vKsU/Q33FUacXNwgjCr5TezvsHpUGMIAyFGjPHDxXGTr9XaAG9YINWZ8UqYTr96/f+yJE=
X-Exchange-Antispam-Report-Test: UriScan:(236129657087228)(48057245064654)(148574349560750);
X-Exchange-Antispam-Report-CFA-Test: BCL:3;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(444111536)(595095)(82015058);SRVR:SN1NAM02HT001;BCL:3;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:SN1NAM02HT001;
X-Microsoft-Exchange-Diagnostics: 1;SN1NAM02HT001;4:VLrZiQJKdsfCTe5GvcjWpNYWsQ4SuyxRZeuMFy65zdpvA3Iefa0Kk5Bsw8oZneLEwjruignnTo37TzPllB24/Pc73O18phAiooOp8cBXs/O6HXdJKIETN/bg+xmu4VMEcm0VLh6zJ/vUsoo8emb1wfgaI2OtMFkIxheInWUVFDJQ4jbGjJMIS8GckmrS1sJG1pRmM6XGIubM0cmDmgXuOQ2LELxagXQ5nPlROtvH4EegPzhU3pb6ZukvGk3Pa4iXUgnjgqGklSdYxuHWvxWfejAyB1iD6S3SVcLft80nmyusi8vIQcHwoIO79vXB4ekvTKt9oXNgwZaQ54E5IJZePmiePNBdT13mq/d0n6uNZ7jjr9qIvtmgfXVuJcsicrdG/Ps8GNnakYOIUK+3K8GzI1qQe4iHcAdsCMnBddRLgXrLVAisUpRYh1xSj9WNIAywHp4qWE0bfewLdGLvQXHVPtmKct17at4PeowqxjuJD1a2epeyXP/gszktoqfp9NClF0BZCltg7ss8wCzpVHR2iiAvzR2wS40PHgXb9R5g3w9x7MkDlcYj2KO2izU3/xWHwiGqvb6IKqDHTtGfeS/MvzxC94ydXFE5iHH7jw5ceH0=;23:JkoNuWvbK9s1QmUBRXoKfOqBQ7swNwe4KApE6+PH8GDxtYkgzTxY6t8HSCEpSe3TE8ibbQlxRPbgVbXKT7Hf2LrIVwN4lbVwpgSygnzDRlx6COxax10eCSrmAMGFqPu9zSuK1LBAmhPuH3Y13tnBcQEqDEnStRTlFBtSHCH/A/M=
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Exchange-Diagnostics: 1;SN1NAM02HT001;6:4vNY85cO5b9VBSeygWIqpzPwqJLfcmz6qsFD2tluh4YtCDoCMXGRMwM97Os/F3U7F7sp2kh+mr1L3oPprCyUfdNOgiH8WUx8u6AUEjy/OVT2npouh0k5mp5gZ6WHNV2IhBysP8i6CVgqqanykqUP8hqaNuCIAZ19U0IXaK6Z9a0naAtoeC+QuSvk/qqJSPMRhviL7e9+UzcFrxypcy13uPJcSk7DQ9mh7i0cXAb3NzUSfb9si1OgsE0eO1FC9PTfuGMZPLqG46RmWFMY+il1Fx4xy+nYV+hVEEnUTtGMUk3ZjZCapY1obIRbwqBjXiEe/b9nn9uwVXwle5TT5Ju2gqiy36OXPOtc5v4STzYhmn457Me8JmGoNigH/QGcD9ROWZlT0r7suSFOvTa8P8Qg2wyuMRsDJDoHnscFao/gLSBs0r4spbFwy1UJxUM6Tr2o9Scj6AGXd9tf6O1Hoimw2ztUu61n+a5JYGl+/KVQ973UcFt/9LjMhHEyD8YuePysiKsc4Z5cLix3XEsvlJ3SBTcurdzC4lHk8N9sA0H5xzQIaMTnd6lptog7CeGTIOKWamneal4FG0xs+8nkaPnbTF0fxETm+3Sv4J4eZe652QuGcAOWBA9WvBFGFJeSAUJK1yKth1DYmzlKlkaTEa8ayTSEN8x4wHYtaoHYmChKrb7+5rl9x7RHzJUTGeEx0A31cZ04re999jzP8QEEE549ciT72zWajChATF+kyjco9VB6KAL54t9eo7dcseMzZrZ2E8F5qXi6FNK7Ga1wGdlUGPYnOGPwoXQYAm9Q1VwjR5eRmUySdGZL5Nd9HnxdBlWQjjOOGLFt2z7FzhBMZRvUryhkg/4llwGFXRv4mfQrQno=
X-Microsoft-Exchange-Diagnostics: 1;SN1NAM02HT001;5:TXGzJoKFiPB6VG5ea8BQfIO32cELWj7s9mkFoHgzhM/kNZTu73M/UJrZRG+9LNZwg+lcTNkSX/s+P7GZ8EiHxqROn4VlFFPkNq/LoxNP6vXLNDIctrxx0Kil6TReGbwL1WxocxMHbiOwYwYkfgF8PTE2AmqGHdMzRqzcaBHFvWbpJS7lwq1wKNIov3GsFBkHBr8vGCv/1vN6DrDtlsOC8Ke91RS0J3Chjs4knEtqmqaKKUkMiRHsLc89AyDMphPnUeUDmoVNMn9iKsp596fwxc7Ul3NftXDbsXf+UXb5mHsfJ618jc68rgdcBb0H0Hh8uzEFEmcscZBWWAsvBD/vnTslRZjWIeZgCbSYPy3YVP47ve2fmVw4Q9r6+WGUbJwmxUzqaEIYnUYkwZ+M0kK12DmWRGMRlpbUKGseGjf2bMFrPuwlitMV29PL2QuHe/T5KWRq968f21OiYKLsO37qi9CEj5Kiix8cGw+WVXShqmQ3WKwaXPzEqYXwa+v+FaG0;24:OuL8VfP+DLCQfJe8vDPDvbNvIrG0/EviC/SoNY8D8GNdo6M3OnO/qQAePWbyhfuYInq8SbVemq9NoscibqNw1N/thGg6AE/VHVVLVHV135g=
SpamDiagnosticOutput: 1:5
SpamDiagnosticMetadata: Default:3
X-Microsoft-Exchange-Diagnostics: 1;SN1NAM02HT001;7:N8UcEAvwzxV0yX60+jkP7B1uLj3/+5/u9uCSmkqU+ZhUJWPgl0jd4ofwGAMrqe21amgPnXiVKeBF8jrxzeq6zS4L0+fWjlJLWY6z6Yij2X2tgX1crEYFLS6LAAXuV0b29NVFVONL5HnI4Cqf02Zx3sNdrMkaTFGY51Bt/uJ7sDux4CwFUF2uzetAFBF5GAFTdeLF75ChuXQOrUavI+epokFka3y80OV931mT0qR99ABB+7TGjaTEWcZ/qOWVwbTPwR7Dhyz0v1hQDW8oHmrEiC6DmXaMhvOheoGexYAM3EaKfTRM74C93R/WLmMhZwYP3+IwhwRfOyhCKrLtWardFzyrJYWZ5S/bpYEnf37xc3NUHCMbRAGp3pVYM0Cvu+3OZfxwxH3p1fy2Tkr373+emT1nMT02f83aOfYpm8qTj+QarYf+ezlINyRT/kI1JmE9EJLbZG3tCkNovezDF2LR4yyzezoSxoXpyN49kD8QvRxBst1Zo4vrmlJiCyZ+cJlIv3KkZqTXuXrKIGQMTIwjg3TpQ8AolIYY5yMoMq1/TPIPQLxSmUhfzz6n9QwfiWYr1qNmZsc6r1nTbC9+UBS1IrLvKeAJHnIMg+0NUsZb1sA8iLQfZk3kgSjB+802ToDhuK8F6R61Lxvye68XgSxj7u061eFWxxFLLMKAkTSgIDxIBEmt2IaVjOth526n3ZqVRIY720r9YE2//0YxOTSHBRAwExm/jOXnQl10+CqPlYxQH/zwTeN2EbD+9U6cau9XAaz/o1wAr+C6hrXvKuERAvenAh276nIrumf2viwfEOo=
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Jul 2017 18:11:48.1321
(UTC)
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1NAM02HT001
X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.4634610
X-MS-Exchange-Processed-By-BccFoldering: 15.01.1261.018
X-Microsoft-Exchange-Diagnostics:
1;SN1PR19MB0463;27:BD0yzFgV/59HYz5yjGR6h4sqtMDxh1UEFguuN8m7TnYTc+pyClSWoNkxwDsjMuV6lxihC6lb8Jtnfuh/hvTJL4HnTqJiUh0HnLm7JuJpxeLyREahA5g/aX512ZtoeeUDSbb6G1cPNE2A+du+USutLQ==
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:1;pcwl:1;rwl:0;ex:0;auth:1;dest:I;WIMS-SenderIP:50.19.253.65;WIMS-SPF:toastmastersclubs%2eorg;WIMS-DKIM:toastmastersclubs%2eorg;WIMS-822:server%40toastmastersclubs%2eorg;WIMS-PRA:server%40toastmastersclubs%2eorg;WIMS-AUTH:PASS;ENG:(400001000128)(400125000095)(5062000261)(5061607266)(5061608170)(4900095)(4921089)(4950095)(570107);OFR:TrustedSenderList;
MIME-Version: 1.0
------=_20170717131145000000_95740
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Microsoft-Exchange-Diagnostics:
1;SN1PR19MB0463;27:BD0yzFgV/59HYz5yjGR6h4sqtMDxh1UEFguuN8m7TnYTc+pyClSWoNkxwDsjMuV6lxihC6lb8Jtnfuh/hvTJL4HnTqJiUh0HnLm7JuJpxeLyREahA5g/aX512ZtoeeUDSbb6G1cPNE2A+du+USutLQ==
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:1;pcwl:1;rwl:0;ex:0;auth:1;dest:I;WIMS-SenderIP:50.19.253.65;WIMS-SPF:toastmastersclubs%2eorg;WIMS-DKIM:toastmastersclubs%2eorg;WIMS-822:server%40toastmastersclubs%2eorg;WIMS-PRA:server%40toastmastersclubs%2eorg;WIMS-AUTH:PASS;ENG:(400001000128)(400125000095)(5062000261)(5061607266)(5061608170)(4900095)(4921089)(4950095)(570107);OFR:TrustedSenderList;
Hi Chantelle,
I need you to take care of a transfer today. Please let me know if you are =
available so i can forward you the vendor details.
Thanks,
Mindy Lam=20
=20
*** Is this spam?*** Click the following link or go to the web page below =
to add this sender's email address (president@valenciatoastmasters.com) to =
your FreeToastHost club website email blacklist: <https://1670.toastmasters=
clubs.org?blacklist=3D3D00398055-president%40valenciatoastmasters.com>
Smile at a new person every day
------=_20170717131145000000_95740
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Microsoft-Exchange-Diagnostics:
1;SN1PR19MB0463;27:BD0yzFgV/59HYz5yjGR6h4sqtMDxh1UEFguuN8m7TnYTc+pyClSWoNkxwDsjMuV6lxihC6lb8Jtnfuh/hvTJL4HnTqJiUh0HnLm7JuJpxeLyREahA5g/aX512ZtoeeUDSbb6G1cPNE2A+du+USutLQ==
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:1;pcwl:1;rwl:0;ex:0;auth:1;dest:I;WIMS-SenderIP:50.19.253.65;WIMS-SPF:toastmastersclubs%2eorg;WIMS-DKIM:toastmastersclubs%2eorg;WIMS-822:server%40toastmastersclubs%2eorg;WIMS-PRA:server%40toastmastersclubs%2eorg;WIMS-AUTH:PASS;ENG:(400001000128)(400125000095)(5062000261)(5061607266)(5061608170)(4900095)(4921089)(4950095)(570107);OFR:TrustedSenderList;
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8"><f=
ont face=3D"arial" size=3D"2"><p style=3D"margin:0;padding:0;font-family: a=
rial; font-size: 10pt; word-wrap: break-word;">Hi Chantelle,<br><br>I need =
you to take care of a transfer today. Please let me know if you are availab=
le so i can forward you the vendor details.<br><br>Thanks,</p>
<p style=3D"margin:0;padding:0;font-family: arial; font-size: 10pt; word-wr=
ap: break-word;">Mindy Lam </p>
<!--WM_COMPOSE_SIGNATURE_START--><!--WM_COMPOSE_SIGNATURE_END--></font><br>=
<br><table border=3D"0" bgcolor=3D"#efefef" cellpadding=3D"6" width=3D"100%=
" style=3D"font-size:90%"><tr><td><b>Is this spam?</b> Click the following =
link or go to the web page below to add this sender's email address (presid=
ent@valenciatoastmasters.com) to your FreeToastHost club website email blac=
klist: <a href=3D"https://1670.toastmastersclubs.org?blacklist=3D3D00398055=
-president%40valenciatoastmasters.com">Click To Block Sender</a><br>Web Pag=
e: https://1670.toastmastersclubs.org?blacklist=3D3D00398055-president%40va=
lenciatoastmasters.com</td></tr></table>
<hr><center style=3D"font-size:90%"><i>Smile at a new person every day</i><=
/center>=
------=_20170717131145000000_95740--
Marc, thank you a bunch for providing this!!! I think this is going to enable me to improve the email security. This is a really sophisticated phishing email. I believe the original sender address is indicated in the following header (notice how difficult it is to find it):
Received: by webmail.reagan.com
(Authenticated sender: This email address is being protected from spambots. You need JavaScript enabled to view it., from: This email address is being protected from spambots. You need JavaScript enabled to view it.)
with HTTP; Mon, 17 Jul 2017 13:11:45 -0500 (CDT)
If you look up
www.reagan.com, you will see that anyone can get an email address w/ reagan.com as the domain. And in this case the sender faked the from address. A very sneaky, very nasty person did this. :angry:
I suggest putting
This email address is being protected from spambots. You need JavaScript enabled to view it. in your club black list (or better yet, @reagan.com). It will not do anything right now, but after I tweak the security, it should put a stop to this.