Here are the headers. I'm now getting these in threes and fours a day for "services."
Really wish I could set a server-wide Content Filter on these people.
Mik
Return-Path: <bounces+SRS=ACEEK=ML@Hayesinternational.onmicrosoft.com>
Received: from GBR01-CWX-obe.outbound.protection.outlook.com (mail-cwxgbr01on2109.outbound.protection.outlook.com [40.107.121.109]) by mail.montaguewebworks.com with SMTP
(version=TLS\Tls12
cipher=Aes256 bits=256);
Wed, 8 May 2024 11:23:45 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=f+8E+JG5CJ1WT4m6hMiGBSnyyynCHG+D4MOzkqPiV/8mODBNUU8CFx+hCsB4Bi99598LN4tbNKJiNaW+bXeoGvlKHO20pjtmAVTtXFVRGMZQRTkedjhagJvFA1OH361ZZMSV2e+GZVOprigURMTP4VvYJ3rkpyd/l67o1yO72S8eolxPkd+v0lI2hspNSPz4LkFIYZkvpIPh+CxQx1yGLBt6oTmAg2GC2SchpuPhB0d08WKftn8lM/rG285MBVTIsrbrUsnwdJthjY2ap+5lwX51HAbVjLtbFWueGrh8cAR0ktC7/RTIsJTtTt/iPXSCOnwFPPC4gBh483v2tyBKdA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=0GlIR2rpA4/IST6O40GppvMoCehRRkzKNMD755tTN/U=;
b=jkW468Yjb6GV5nQd1oOj2dkxZqNCnTaZEAVmnenPs0k2VdEEidiZ3Yz/lG9iVNxjokwCmCsPhtjuEOPXN3XMbdfsRdZ3eJHPPY0HIqbUVB9GAYPnXpaRoGKWrHuRBUJuSqJ3sZHKJIDs7llgsiAHfnh5QOTHkedd9vKpAotc7jMVAxxfiqeel7x8pioit+eSnXcOficrWnuBaZN843JQ39lbh68lEZQPWwvVFTXSBOXyaa4PJIfpM1wu7YmqhVpxQ7X0kr//YSqW3Sl3jZzJcM52lLgYuwm/6ap1lk9bM33ejTwUQbEZuqd4cU5LcommmaIYXH0z9fS0xiJKTODHZA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
104.130.122.55) smtp.rcpttodomain=hayesinternational.onmicrosoft.com
smtp.mailfrom=post.xero.com; dmarc=pass (p=reject sp=none pct=100)
action=none header.from=post.xero.com; dkim=pass (signature was verified)
header.d=post.xero.com; arc=none (0)
Received: from LO6P123MB6552.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:2b8::5)
by LO9P123MB8045.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:3e8::12) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7544.45; Wed, 8 May
2024 15:23:41 +0000
Received: from CWXP123MB4791.GBRP123.PROD.OUTLOOK.COM (2603:10a6:400:122::8)
by LO6P123MB6552.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:2b8::5) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7544.45; Wed, 8 May
2024 15:21:38 +0000
Received: from CWXP123MB4791.GBRP123.PROD.OUTLOOK.COM
([fe80::cbe4:667a:8b80:42c7]) by CWXP123MB4791.GBRP123.PROD.OUTLOOK.COM
([fe80::cbe4:667a:8b80:42c7%3]) with mapi id 15.20.7544.041; Wed, 8 May 2024
15:21:38 +0000
Received: from LO2P265CA0400.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:f::28) by
LO0P123MB6878.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:30b::9) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.7544.42; Wed, 8 May 2024 15:20:10 +0000
Received: from LO1PEPF000028CD.GBRP265.PROD.OUTLOOK.COM
(2603:10a6:600:f:cafe::53) by LO2P265CA0400.outlook.office365.com
(2603:10a6:600:f::28) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7544.41 via Frontend
Transport; Wed, 8 May 2024 15:20:10 +0000
Authentication-Results: spf=pass (sender IP is 104.130.122.55)
smtp.mailfrom=post.xero.com; dkim=pass (signature was verified)
header.d=post.xero.com;dmarc=pass action=none header.from=post.xero.com;
Received-SPF: Pass (protection.outlook.com: domain of post.xero.com designates
104.130.122.55 as permitted sender) receiver=protection.outlook.com;
client-ip=104.130.122.55; helo=a5.email.post.xero.com; pr=C
Received: from a5.email.post.xero.com (104.130.122.55) by
LO1PEPF000028CD.mail.protection.outlook.com (10.167.240.37) with Microsoft
SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.7544.18
via Frontend Transport; Wed, 8 May 2024 15:20:10 +0000
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=post.xero.com; q=dns/txt; s=mailo; t=1715181610; x=1715188810;
h=Message-Id: reply-to: To: To: From: From: Subject: Subject: Content-Type: Mime-Version: Date: Sender: Sender;
bh=0GlIR2rpA4/IST6O40GppvMoCehRRkzKNMD755tTN/U=;
b=XV6oSHM3Vj95MStGpmUgZ+p6HtLB/b8ahPTYJ1MGACCatusowDCqerxqF+LDc8A/n5C/sI7eADdANQnobvPMlIzALjpo4eNMQs5HT/F4mb8shPrJGo5/4oIuHtq3h6xSm+IwPHK+8cegb/LM1E9O9DRy4qO8oQf29cwKDnlPg10=
X-Mailgun-Sending-Ip: 104.130.122.55
X-Mailgun-Sid: WyJlOGZmYiIsImNvbmZpcm1hdGlvbkBoYXllc2ludGVybmF0aW9uYWwub25taWNyb3NvZnQuY29tIiwiMTc4ODMiXQ==
Received: from <unknown> (<unknown> []) by 686bd7cb36ed with HTTP id
663b9824d475713b1d046a17; Wed, 08 May 2024 15:20:04 GMT
Sender: messaging-service@post.xero.com
Date: Wed, 08 May 2024 15:20:04 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="e4ea0882fe0348a0f12b93d2619cf9d7a6c37905668269c1dc98e4782abd"
Subject: Your Order Confirmation is Here!
From: Hayes Lotus <messaging-service@post.xero.com>
To: Confirmation@hayesinternational.onmicrosoft.com
X-Mailgun-Tag: xeromailenvironment-live
X-Mailgun-Tag: invoices-invoice
X-Mailgun-Track-Opens: true
X-Mailgun-Track-Clicks: false
X-Mailgun-Variables: {"xero-messageId":"2831710785","xero-parentMessageId":""}
Reply-To: HayesLotus@hayesinternational.onmicrosoft.com
X-Mailgun-Sending-Ip-Pool: 6371656ed503704fb71db430
Message-ID: <20240508152004.d40ea3f64456e56c@post.xero.com>
Return-Path: bounce+862f50.17883-Confirmation=hayesinternational.onmicrosoft.com@post.xero.com
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 55181bd0-5664-478f-b303-f9229d9c388d:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: LO1PEPF000028CD:EE_|LO0P123MB6878:EE_|LO6P123MB6552:EE_|LO9P123MB8045:EE_
X-MS-Office365-Filtering-Correlation-Id: f0b1850a-b93a-4fdd-a1b3-08dc6f7259fd
X-Moderation-Data: 5/8/2024 3:21:37 PM
X-LD-Processed: 55181bd0-5664-478f-b303-f9229d9c388d,ExtAddr,ExtAddr
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;ARA:13230031|376005|34036007|7416005|48200799009|41320700004|61400799018|586008|102250200017;
X-Microsoft-Antispam-Message-Info: =?utf-8?B?N3VOZVJ5OUEzSXFpbEVUOWpIdEVRSmRmTGtQbEpUc0NqOVB4N2lBSUtRa0Ns?=
=?utf-8?B?M2JzNngrWmtUZTY2SUVPKytlMDlXNHpWZXBGY0JlM1pPSWRXcFYzM2NOeERN?=
=?utf-8?B?MDR4L2RmOHJrVXBGQUZtNE11NVdiN2JFZUZRbFVFQWQvdHREMVRvSGtHa05x?=
=?utf-8?B?TUJqL01wOWI3cEN6bGFWUEEyYWx6RG1JZXVOaytURlBYL3ZoQi9aV2pSNWZQ?=
=?utf-8?B?Q1BXY2VUOHRUdUpNcmJvam83MmNoVzdEa2UyTU10QStWeXllcVJ2b01SY3RT?=
=?utf-8?B?U3I1M3loV2xZYllrUExsaUg2WUdHMkFlUmh3QjdGLzdkN0ZKUW91VDVwQWU4?=
=?utf-8?B?RUNjMXhBOEdBbnMrbGZLYmVmQW5uT29UOWt5cTQ3LzROVHZuVm9XVzl5UndW?=
=?utf-8?B?UHhqWUhmMUJyeXQyaGdYOEdvUmFGUlVkaXN5bmVMRXZtcWE3TlVrL0FqcHds?=
=?utf-8?B?UXdtUTY5eTltOTlTRXlyT2Vua09mejlrVGhTQzNScEVkOFp3QXl0a3doVkxK?=
=?utf-8?B?LzU5SXF3ZUhCeU51S1Z3UlowUVNsRW1JYWhTQjQ2S1hUSm9zc21lWFVwZmxE?=
=?utf-8?B?djk5U2Q1cW8yWXlDMzFpaU9lUEVoekdiOEtsSzBkUnEwU0ZGTCtlUmJhU214?=
=?utf-8?B?SWVtam9XclZmK2FaVFI0SG9GY3lXenRiVDdxUUdSek5UL0hTRDZEaGZxc3o4?=
=?utf-8?B?aHpuM04zR3laRkVUYkFvNXZJUHE4ZWs5ZG0rbGtpa2JJMFBOcXBLUVZ0c3Fm?=
=?utf-8?B?Qm42dCt0eDM3cDhBTktMMU56TW5WMG9rRG1WVHpjZWtvNXJYQWdGQll2bUVW?=
=?utf-8?B?U2ZBQVIwc3pBU1FHdW5oUlE4YVBEUExsMDF5QXh4cjJiMnQ3TDA1dmxtYjRz?=
=?utf-8?B?Qy90ajJYZ2RvNDhCT3dnZ2oxeE1sNVdWMUtqdHZ4SXduVDhkb0JpWGpEM3FM?=
=?utf-8?B?VFAwc3JJeGltVEkzR2VCSnE0aGRLdElyZzdidENWQ0RtT256a01pQ3hCSWJn?=
=?utf-8?B?VTQ5L2o3alduZEZySitaV0duMzlzOEF3MnA0Tjlpa3VXUktnOStUN2Ztc0Qz?=
=?utf-8?B?aEx5UnZ6U3JaZkJTZ240MW1hNEh2aDNQZTdXZG1aeVRDZlgyanN0VER2THdY?=
=?utf-8?B?TjVnUEVsbUhpakFvLzA1Y0cwSWthOHBJdVJJRC95RVh3ZzdEU3BDV3Q4aEFC?=
=?utf-8?B?SFhKaVNIUTllaDFJZ1N2VmR4SzEwTXArSGNHbUdKUStBQnJuZFIvc1Y2dEJC?=
=?utf-8?B?K1EwM3ZBV1pjUm0vLzFJakFGRURYdWRUMytXT0Nub05JOHNaNHVOMVBZbFg2?=
=?utf-8?B?ZitXR2tQcU5NYnl3ZWhaYlM0aUhlZHl3VFlRUU1PaWhBUHNIcllzd1J2dGI3?=
=?utf-8?B?QjMvTHhDQTdRY1VjZHVmZnloUzJkSEF0Rmk2eXJ3VUpMa0ZsVHA0WlEwbU1y?=
=?utf-8?B?OHFOQUFocG9nR1NkWmE2b2Z0NnNpdXhxR0Vwd2hpU2JrTFVGeldiTzJ1bjE0?=
=?utf-8?B?czhZMHlVdGdnSG5DazBDRkZKTi9ZNUlBRitiSytJYlhwRWM2QmRXVDFyYy94?=
=?utf-8?B?YkNBMS81bWdKUCtKK2tpTCtsNDNub2tSdG9KRGp4dkJIamJmSXpkaGc5R3NJ?=
=?utf-8?B?dkhyZ0Zqbnd1Sk5TTDFlNmNOdlpOeXpQb2NiTnh3ZEtXTFZkSEhWcE1hd2lx?=
=?utf-8?B?bkFaZVVvYkl2Rnl4RGFZQXh2bHcrTnUvM293dzR6dmNuMXNsdW1USDQxa2Y5?=
=?utf-8?Q?K3hd/gs770+LcLA5L2s3Pt+xO3UbPWsVmpB+MiV?=
X-Forefront-Antispam-Report: CIP:104.130.122.55;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:a5.email.post.xero.com;PTR:a5.email.post.xero.com;CAT:NONE;SFS:(13230031)(376005)(34036007)(7416005)(48200799009)(41320700004)(61400799018)(586008)(102250200017);DIR:OUT;SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OriginatorOrg: Hayesinternational.onmicrosoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f0b1850a-b93a-4fdd-a1b3-08dc6f7259fd
X-MS-Exchange-CrossTenant-Id: 55181bd0-5664-478f-b303-f9229d9c388d
X-MS-Exchange-CrossTenant-AuthSource: LO1PEPF000028CD.GBRP265.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 May 2024 15:21:38.4483
(UTC)
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: LLJga7yqmvoUpeCBabcBKKQ9Su6ZObQ2RmqEBLK6NmRbCQyGGoBMzFUBPQzdD/7LEoLgx6jAX7Gc/7onrqB57+JvJYL6WlVJpljj5xG83UMP+w5NTOOtHzKh7SRFbvbmKk/9j2MYDK/v1MeEQKTERE2I+A5GVN0GC1DVBGH6MAkZ8gvjacHUeozq/JAHYHuZ+C94djLky+Tgq1Rid80ZRrNXr7KTnDw9y8xc5XyAJndnGC9ici6eqjOVMdb36fum
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO9P123MB8045
X-Declude-Sender: bounces+SRS=ACEEK=ML@Hayesinternational.onmicrosoft.com [40.107.121.109]
X-Declude-Spoolname: 71128434.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.12.11
X-Declude-Scan: Incoming Score [-2] at 11:23:57 on 08 May 2024
X-Declude-Tests: MAILSPIKE-H2 [-2], DNSWL [-5], SPFPASS [-1], FROMNOMATCH [2], HAM-INDICATOR [-3], FILTER-BULK [4], ISP-HOTMAIL [3]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: f
X-HELO: GBR01-CWX-obe.outbound.protection.outlook.com
X-Identity: 40.107.121.109 | mail-cwxgbr01on2109.outbound.protection.outlook.com | Hayesinternational.onmicrosoft.com
X-ForwardingAddress: info@montaguewebworks.com
X-OriginalSender: bounces+SRS=ACEEK=ML@Hayesinternational.onmicrosoft.com
X-Rcpt-To: <info@montaguewebworks.com>
X-SmarterMail-Spam: Reverse DNS Lookup [Passed]: 0, SPF [Pass]: -2, SURRIEL: 0, HOSTKARMA-BLACK: 0, BARRACUDA: 0, GBUDB: 0, SPAMCOP: 0, MCAFEE: 0, MAILSPIKE: 0, ZEN: 0, DMARC [skipped - DMARC Disabled]: 0, Message Sniffer [code:0]: 0, ISpamAssassin [raw:0.4]: 1, DKIM [Pass]: 0, Declude: -2
X-SmarterMail-FoundTracker: mailgun | Mailgun
X-SmarterMail-TotalSpamWeight: -3
X-SmarterMail-SpamAction: None | NoAction