X-Sender phishing

KatyComputer

Active Member
Sep 26, 2019
What is the best way to block phishers from using the X-Sender header to send Phish like this:
Received: from DM5PR06CA0096.namprd06.prod.outlook.com (2603:10b6:3:4::34) by
BY5PR19MB3972.namprd19.prod.outlook.com (2603:10b6:a03:225::21) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5395.21; Tue, 5 Jul
2022 19:34:30 +0000
Received: from DM6NAM12FT068.eop-nam12.prod.protection.outlook.com
(2603:10b6:3:4:cafe::44) by DM5PR06CA0096.outlook.office365.com
(2603:10b6:3:4::34) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5395.14 via Frontend
Transport; Tue, 5 Jul 2022 19:34:29 +0000
Authentication-Results: spf=neutral (sender IP is 22.33.444.55)
smtp.mailfrom=chipbras.com.br; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=client.com;
Received-SPF: Neutral (protection.outlook.com: 22.33.444.55 is neither
permitted nor denied by domain of chipbras.com.br)
Received: from mx.filter.com (22.33.444.55) by
DM6NAM12FT068.mail.protection.outlook.com (10.13.179.117) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.5417.8 via Frontend Transport; Tue, 5 Jul 2022 19:34:29 +0000
Received: from mx.filter.com (localhost [127.0.0.1])
by mx.filter.com (KatyComputer) with ESMTP id 00EFCC07B9
for lboss@client.com; Tue, 5 Jul 2022 14:34:29 -0500 (CDT)
Received-SPF: pass (chipbras.com.br: Sender is authorized to use 'chipbras@chipbras.com.br' in 'mfrom' identity (mechanism 'include:secureserver.net' matched)) receiver=mx.filter.com; identity=mailfrom; envelope-from=chipbras@chipbras.com.br; helo=p3plwbeout25-01.prod.phx3.secureserver.net; client-ip=216.69.139.12
Received: from p3plwbeout25-01.prod.phx3.secureserver.net (p3plsmtp25-01-2.prod.phx3.secureserver.net [216.69.139.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mx.filter.com (KatyComputer) with ESMTPS
for lboss@client.com; Tue, 5 Jul 2022 14:34:26 -0500 (CDT)
Received: from p3plgemwbe25-03.prod.phx3.secureserver.net ([10.36.152.34])
by :WBEOUT: with SMTP
id 8oJQowIQchkmo8oJQoiMXJ; Tue, 05 Jul 2022 12:34:20 -0700
X-CMAE-Analysis: v=2.4 cv=WYHJ12tX c=1 sm=1 tr=0 ts=62c4923c
a=2BmizzOixHkOQSa6aDF9PA==:117 a=B4datkHeJT0A:10 a=CNGHLwnOuukA:10
a=nBd7tzB_5mkA:10 a=IkcTkHD0fZMA:10 a=RgO8CyIxsXoA:10 a=x7bEGLp0ZPQA:10
a=g42dPBg8OnHSrJkFxioA:9 a=_W_S_7VecoQA:10 a=QEXdDO2ut3YA:10
X-SECURESERVER-ACCT: chipbras@chipbras.com.br
X-SID: 8oJQowIQchkmo
Received: (qmail 32688 invoked by uid 99); 5 Jul 2022 19:34:20 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
X-Originating-IP: 97.85.142.17
User-Agent: Workspace Webmail 6.12.10
Message-Id: 20220705123418.82b9d9205b95e5aebb385723534cd9dd.6985285278.wbe@email25.godaddy.com
From: "HEATHER staff" hstaff@client.com
X-Sender: chipbras@chipbras.com.br
Reply-To: "HEATHER staff" DiirectDepositOfficeu@mail.com

To: lboss@client.com lboss@client.com
Subject: My Direct Deposit Update
 
A couple of ideas - not sure how to implement them or if they are a good idea:
  • Block X-Sender if X-Sender domain isn't on an allow list
  • Prepend the "X-Sender" to the message body or subject line
 
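Both ideas in the post boil down to one check: compare the domain of the header From (the name the recipient sees) against the identities the gateway can actually verify, namely X-Sender, the envelope-from recorded in Received-SPF, and Reply-To, and act when they disagree. The script below is an added example, not the poster's code and not a built-in Proxmox Mail Gateway feature; the header sample is constructed from the headers quoted above (angle brackets restored), `client.com` is assumed to be the domain the gateway delivers for, and the allow list is the poster's first idea, passed in as `sender_allow`. How the result is wired into the gateway is not shown.

```python
"""Flag inbound mail whose X-Sender / envelope sender disagrees with From.

Added example modelled on the post above. The mismatch rules are assumed
heuristics, not a Proxmox Mail Gateway feature.
"""
import re
from email.parser import HeaderParser
from email.utils import parseaddr

# Constructed sample: the phish from the post, trimmed to the headers that matter.
SAMPLE_PHISH = """\
Received-SPF: pass (chipbras.com.br: Sender is authorized to use 'chipbras@chipbras.com.br' in 'mfrom' identity) receiver=mx.filter.com; identity=mailfrom; envelope-from=chipbras@chipbras.com.br; helo=p3plwbeout25-01.prod.phx3.secureserver.net; client-ip=216.69.139.12
From: "HEATHER staff" <hstaff@client.com>
X-Sender: chipbras@chipbras.com.br
Reply-To: "HEATHER staff" <DiirectDepositOfficeu@mail.com>
To: lboss@client.com
Subject: My Direct Deposit Update

"""

# Constructed sample: an ordinary internal message that must not be flagged.
SAMPLE_CLEAN = """\
Return-Path: <hstaff@client.com>
From: "HEATHER staff" <hstaff@client.com>
To: lboss@client.com
Subject: Lunch on Friday

"""

LOCAL_DOMAINS = frozenset({"client.com"})  # assumed: domains this gateway delivers for


def domain_of(header_value):
    """Lower-cased domain part of an RFC 5322 address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def envelope_from(msg):
    """Envelope sender as recorded by the gateway's own SPF check, else Return-Path."""
    m = re.search(r"envelope-from=<?([^;\s>]+)>?", msg.get("Received-SPF", ""))
    if m:
        return m.group(1).lower()
    return parseaddr(msg.get("Return-Path", ""))[1].lower()


def analyze(raw_headers, local_domains=LOCAL_DOMAINS, sender_allow=frozenset()):
    """Return the identities found in the headers plus a list of mismatch flags."""
    msg = HeaderParser().parsestr(raw_headers)
    from_dom = domain_of(msg.get("From"))
    x_sender = (msg.get("X-Sender") or "").strip().lower()
    x_sender_dom = x_sender.rpartition("@")[2]
    env_from = envelope_from(msg)
    env_dom = env_from.rpartition("@")[2]
    reply_dom = domain_of(msg.get("Reply-To"))

    flags = []
    # Poster's idea 1: X-Sender from a domain that is neither From's nor allow-listed.
    if x_sender_dom and x_sender_dom != from_dom and x_sender_dom not in sender_allow:
        flags.append("x-sender-domain-mismatch")
    # Same test on the envelope sender, which the SPF result actually vouches for.
    if env_dom and env_dom != from_dom and env_dom not in sender_allow:
        flags.append("envelope-from-domain-mismatch")
    # Replies silently going to a third domain is the payroll-scam tell.
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-domain-mismatch")
    # Claims to be one of our own users but the envelope came from outside.
    if from_dom in local_domains and env_dom not in local_domains:
        flags.append("local-from-external-origin")

    return {
        "from_domain": from_dom,
        "x_sender": x_sender,
        "envelope_from": env_from,
        "reply_to_domain": reply_dom,
        "flags": flags,
        "subject": msg.get("Subject", ""),
    }


def tag_subject(result):
    """Poster's idea 2: make the hidden X-Sender visible by prepending it to Subject."""
    if "x-sender-domain-mismatch" in result["flags"]:
        return f"[X-Sender: {result['x_sender']}] {result['subject']}"
    return result["subject"]


if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        r = analyze(raw)
        print(name, r["flags"], "->", tag_subject(r))
```

The allow list only silences the X-Sender and envelope checks; a Reply-To pointing at an unrelated domain, or a From claiming a local user on mail that entered from outside, stays flagged even for an allow-listed sender. Note that the SPF "pass" in the quoted headers is genuine: the sending account really is chipbras@chipbras.com.br, so SPF alone will never catch this, and the decision has to be made on the From/envelope disagreement.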

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!
