Print

Print


I agree with everyone about the importance of SPF and DKIM, it really helps
with spoofing. And it is not that hard to do.

On Fri, Feb 10, 2017, 1:42 PM Michael Norkun <[log in to unmask]>
wrote:

> You could do a bit more detective work and look at the original message to
> get some clues.
> here is the previous email's original state...
>
> While that may look like gibberish, there is a world of information in
> there.
> Right from the get go you see my email, gmail servers i used to get
> this...two of them....etc. The header just shows you who what when where of
> the SMTP.
>
> Below I get more google info about how this message was rated, in terms of
> spam phising...etc. What the SPF rating was/is along the way.
> Basically the header gives me info about who sent it and how google...or
> whichever mail server, dealt with it. If it was part of a spoof you'd get
> clues in here.
>
> It seems like you took the first steps of suspending the account.
> Definitely log them out of everywhere, all apps, all instances of chrome,
> gSuite...etc, clear caches and cookies, but clear them to a log that you
> can analyze. Then take a look at the users primary machine network logs, or
> you own network logs to see if ti was compromised at school. If not, the
> user may have been compromised outside of school. It look like the user
>  put their email and or password in somewhere they shouldn't  have. Or left
> them selves logged in for someone else to get. Either way their account
> needs some attention.
>
> Good luck.
>
>
> Delivered-To: [log in to unmask]
> Received: by 10.157.6.130 with SMTP id 2csp523596otx;
>         Fri, 10 Feb 2017 08:05:32 -0800 (PST)
> X-Received: by 10.159.38.229 with SMTP id 92mr5022228uay.102.1486742732552;
>         Fri, 10 Feb 2017 08:05:32 -0800 (PST)
> Return-Path: <owner-school-it*michael*-norkun**WNESU*[log in to unmask]>
> Received: from list1.uvm.edu (list1.uvm.edu. [2620:104:e001:1001::8f])
>         by mx.google.com with ESMTPS id w184si632693vkf.224.2017.02.10.08.05.32
>         for <[log in to unmask]>
>         (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
>         Fri, 10 Feb 2017 08:05:32 -0800 (PST)
> Received-SPF: pass (google.com: domain of owner-school-it*michael*-norkun**wnesu*[log in to unmask] designates 2620:104:e001:1001::8f as permitted sender) client-ip=2620:104:e001:1001::8f;
> Authentication-Results: mx.google.com;
>        spf=pass (google.com: domain of owner-school-it*michael*-norkun**wnesu*[log in to unmask] designates 2620:104:e001:1001::8f as permitted sender) smtp.mailfrom=owner-school-it*michael*-norkun**WNESU*[log in to unmask]
> Received: from list.uvm.edu (localhost [127.0.0.1]) by list1.uvm.edu (8.14.4/8.14.4) with ESMTP id v1AFoTqH027299 for <[log in to unmask]>; Fri, 10 Feb 2017 11:05:31 -0500
> Received: by LIST.UVM.EDU (LISTSERV-TCP/IP release 16.0) with spool id
>           208844603 for [log in to unmask]; Fri, 10 Feb 2017 11:05:07 -0500
> Precedence: bulk
> Received: from plover.in-mail.uvm.edu (plover.in-mail.uvm.edu
>           [132.198.101.207]) by list1.uvm.edu (8.14.4/8.14.4) with ESMTP id
>           v1AG3sC1016479 for <[log in to unmask]>; Fri, 10 Feb 2017
>           11:03:54 -0500
> Received: from mail2.u32.org (mail2.u32.org [207.136.231.28]) by
>           plover.in-mail.uvm.edu (8.14.7/8.14.7) with ESMTP id v1AG3rID161828
>           (version=TLSv1/SSLv3 cipher=RC4-SHA bits=112 verify=OK) for
>           <[log in to unmask]>; Fri, 10 Feb 2017 11:03:54 -0500
> Received: from WCSUMAIL13.U32.ORG (192.168.0.4) by WCSUMAIL13.U32.ORG
>           (192.168.0.4) with Microsoft SMTP Server (TLS) id 15.0.775.38; Fri,
>           10 Feb 2017 11:03:34 -0500
> Received: from WCSUMAIL13.U32.ORG ([fe80::c053:25a2:b54c:c91]) by
>           WCSUMAIL13.U32.ORG ([fe80::c053:25a2:b54c:c91%16]) with mapi id
>           15.00.0775.031; Fri, 10 Feb 2017 11:03:34 -0500
> Thread-Topic: Suggestions for rogue emails
> Thread-Index: AQHSguPwyrrDDyL11ECy5WWG1/kMK6FhF7AAgAABGICAAAGKgIAAYV+AgAApVgCAAPYUgIAAAm8AgAAIbAD//79qEA==
> References: <[log in to unmask]>
>             <[log in to unmask]>
>             <[log in to unmask]>
>             <[log in to unmask]>
>             <[log in to unmask]>
>             <[log in to unmask]>
>             <[log in to unmask]>
>             <[log in to unmask]>
>             <[log in to unmask]>
> Accept-Language: en-US
> Content-Language: en-US
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator:
> x-originating-ip: [192.168.0.106]
> Content-Type: multipart/alternative; boundary="_000_f41eadc420624eaaac2188dfbdf1c2f2WCSUMAIL13U32ORG_"
> MIME-Version: 1.0
> X-PureMessage-Version: 6.3.1.2588712, Antispam-Engine: 2.7.2.2107409,
>                        Antispam-Data: 2017.2.10.155417
> X-PMX-DKIM: none
> X-PureMessage-Spam: Gauge=IIIIIIIII, Probability=9%,
>                     Report=' FRAUD_ATTACH 0.05, HTML_00_01 0.05,
>                     HTML_00_10 0.05, KNOWN_FREEWEB_URI 0.05,
>                     SUPERLONG_LINE 0.05, BODYTEXTH_SIZE_3000_MORE 0,
>                     BODY_SIZE_10000_PLUS 0, ECARD_KNOWN_DOMAINS 0, IN_REP_TO 0,
>                     LEGITIMATE_SIGNS 0, MSG_THREAD 0, REFERENCES 0,
>                     WEBMAIL_SOURCE 0, WEBMAIL_XOIP 0, WEBMAIL_X_IP_HDR 0,
>                     __ANY_URI 0, __BOUNCE_CHALLENGE_SUBJ 0,
>                     __BOUNCE_NDR_SUBJ_EXEMPT 0, __C230066_P5 0,
>                     __CP_URI_IN_BODY 0, __CT 0, __CTYPE_HAS_BOUNDARY 0,
>                     __CTYPE_MULTIPART 0, __CTYPE_MULTIPART_ALT 0,
>                     __FRAUD_CONTACT_NUM 0, __FRAUD_MONEY_BIG_COIN 0,
>                     __FRAUD_MONEY_BIG_COIN_DIG 0, __HAS_FROM 0, __HAS_MSGID 0,
>                     __HAS_XOIP 0, __HTTPS_URI 0, __IN_REP_TO 0,
>                     __KNOWN_FREEWEB_URI3 0, __MIME_HTML 0, __MIME_TEXT_H 0,
>                     __MIME_TEXT_H1 0, __MIME_TEXT_H2 0, __MIME_TEXT_P 0,
>                     __MIME_TEXT_P1 0, __MIME_TEXT_P2 0, __MIME_VERSION 0,
>                     __MSGID_32HEX 0, __MULTIPLE_URI_TEXT 0, __PHISH_PHRASE2 0,
>                     __PHISH_PHRASE3 0, __PHISH_SPEAR_PASSWORD_2 0,
>                     __PHISH_SPEAR_REASONS 0, __REFERENCES 0, __SANE_MSGID 0,
>                     __STOCK_PHRASE_24 0, __STOCK_PHRASE_7 0,
>                     __SUBJ_ALPHA_END 0, __SUBJ_ALPHA_NEGATE 0,
>                     __TO_MALFORMED_2 0, __TO_NAME 0, __TO_NAME_DIFF_FROM_ACC 0,
>                     __TO_REAL_NAMES 0, __URI_IN_BODY 0, __URI_NO_WWW 0,
>                     __URI_NS , __URI_WITH_PATH 0'
> Message-ID: <[log in to unmask]>
> Date: Fri, 10 Feb 2017 16:03:34 +0000
> Reply-To: School Information Technology Discussion <[log in to unmask]>
> Sender: School Information Technology Discussion <[log in to unmask]>
> From: Robert Carter <[log in to unmask]>
> Subject: Re: Suggestions for rogue emails
> To: [log in to unmask]
> In-Reply-To: <[log in to unmask]>
> List-Help: <http://list.uvm.edu/cgi-bin/wa?LIST=SCHOOL-IT>,
>            <mailto:[log in to unmask]>
> List-Unsubscribe: <mailto:[log in to unmask]>
> List-Subscribe: <mailto:[log in to unmask]>
> List-Owner: <mailto:[log in to unmask]>
> List-Archive: <http://list.uvm.edu/cgi-bin/wa?LIST=SCHOOL-IT>
>
> --_000_f41eadc420624eaaac2188dfbdf1c2f2WCSUMAIL13U32ORG_
> Content-Type: text/plain; charset="utf-8"
> Content-Transfer-Encoding: base64
>
> VG8gYWRkIHRvIHRoZSBjb252ZXJzYXRpb24sIHRoZSBwYXJ0IHRvIGxvb2sgYXQgd2l0aCB5b3Vy
> IG1lc3NhZ2UgaXMgdGhlIGZsb3cNCg0KDQpSZXR1cm4tUGF0aDogPGNyb2JlcnRzQGJlc2Nob29s
> Lm9yZzxtYWlsdG86Y3JvYmVydHNAYmVzY2hvb2wub3JnPj4NCg0KUmVjZWl2ZWQ6IGZyb20gbWFp
> bC15dzAteDI0NC5nb29nbGUuY29tPGh0dHA6Ly9tYWlsLXl3MC14MjQ0Lmdvb2dsZS5jb20+ICht
> YWlsLXl3MC14MjQ0Lmdvb2dsZS5jb208aHR0cDovL21haWwteXcwLXgyNDQuZ29vZ2xlLmNvbT4u
> IFsyNjA3OmY4YjA6NDAwMjpjMDU6OjI0NF0pDQoNCiAgICAgICAgYnkgbXguZ29vZ2xlLmNvbTxo
> dHRwOi8vbXguZ29vZ2xlLmNvbT4gd2l0aCBFU01UUFMgaWQgcDE5M3NpNTA0ODMyeWJnLjI2My4y
> MDE3LjAyLjA5LjA1LjM2LjA1DQoNCiAgICAgICAgZm9yIDxlZm9nYXJ0eUBiZXNjaG9vbC5vcmc8
> bWFpbHRvOmVmb2dhcnR5QGJlc2Nob29sLm9yZz4+DQoNCiAgICAgICAgKHZlcnNpb249VExTMV8y
> IGNpcGhlcj1FQ0RIRS1SU0EtQUVTMTI4LUdDTS1TSEEyNTYgYml0cz0xMjgvMTI4KTsNCg0KICAg
> ICAgICBUaHUsIDA5IEZlYiAyMDE3IDA1OjM2OjA1IC0wODAwIChQU1QpDQoNClJlY2VpdmVkLVNQ
> RjogbmV1dHJhbCAoZ29vZ2xlLmNvbTxodHRwOi8vZ29vZ2xlLmNvbT46IDI2MDc6ZjhiMDo0MDAy
> OmMwNTo6MjQ0IGlzIG5laXRoZXIgcGVybWl0dGVkIG5vciBkZW5pZWQgYnkgYmVzdCBndWVzcyBy
> ZWNvcmQgZm9yIGRvbWFpbiBvZiBjcm9iZXJ0c0BiZXNjaG9vbC5vcmc8bWFpbHRvOmNyb2JlcnRz
> QGJlc2Nob29sLm9yZz4pIGNsaWVudC1pcD0yNjA3OmY4YjA6NDAwMjpjMDU6OjI0NDsNCg0KQXV0
> aGVudGljYXRpb24tUmVzdWx0czogbXguZ29vZ2xlLmNvbTxodHRwOi8vbXguZ29vZ2xlLmNvbT47
> DQoNCk9uIHF1aWNrIHJldmlldywgdGhpcyBtZXNzYWdlIHdhcyBuZXZlciBvdXRzaWRlIG9mIGdv
> b2dsZXMgbWFpbCBzZXJ2ZXJzIChhcyBzb21lb25lIGFscmVhZHkgcG9pbnRlZCBvdXQpIGJhc2Vk
> IG9uIHRoZSByZWNlaXZpbmcgc2VydmVyIGFuZCBhdXRoZW50aWNhdGluZyBzZXJ2ZXINCg0KDQpB
> dXRoZW50aWNhdGlvbi1SZXN1bHRzOiBteC5nb29nbGUuY29tPGh0dHA6Ly9teC5nb29nbGUuY29t
> PjsNCg0KICAgICAgIGRraW09cGFzcyBoZWFkZXIuaT1AYmVzY2hvb2wtb3JnLjIwMTUwNjIzLmdh
> cHBzc210cC5jb208aHR0cDovL2Jlc2Nob29sLW9yZy4yMDE1MDYyMy5nYXBwc3NtdHAuY29tPjsN
> Cg0KVG8gbWUsIGl0IGxvb2tzIGxpa2Ugc29tZW9uZSBnYWluZWQgYWNjZXNzIHRvIHRoZSB1c2Vy
> cyBhY2NvdW50IGNyZWRlbnRpYWxzIGFuZCBzZW50IHRoZSBlbWFpbCBhcyBpZiB0aGV5IHdlcmUg
> dGhlIHVzZXIgdGhyb3VnaCBlaXRoZXIgR21haWwgZGlyZWN0IG9yIGEgY2xpZW50LXNpZGUgbWFp
> bCBwcm9ncmFtLiBJIHdvdWxkIGFkdmlzZSB5b3UgdG8gc2V0IHVwIGJvdGggeW91ciBNWCBhbmQg
> U1BGIHJlY29yZHMgd2l0aCB5b3VyIEROUyBwcm92aWRlciBhcyBpdCBsb29rcyBsaWtlIHlvdSBk
> b27igJl0IGN1cnJlbnRseSBoYXZlIHRoaXMgY29uZmlndXJlZCBhbmQgY291bGQgYmUgc3Bvb2Zl
> ZCAobWFpbCBzZW50IHRvIG90aGVycyBhcyBpZiBpdCBvcmlnaW5hdGVkIGJ5IGEgdXNlciBpbiB5
> b3VyIGRvbWFpbikuIEhvcGUgdGhpcyBoZWxwcy4NCg0KUm9iIENhcnRlcg0KV0NTVSBUZWNobm9s
> b2d5DQoNCg0KRnJvbTogU2Nob29sIEluZm9ybWF0aW9uIFRlY2hub2xvZ3kgRGlzY3Vzc2lvbiBb
> bWFpbHRvOlNDSE9PTC1JVEBsaXN0LnV2bS5lZHVdIE9uIEJlaGFsZiBPZiBFZGl0aCBGb2dhcnR5
> DQpTZW50OiBGcmlkYXksIEZlYnJ1YXJ5IDEwLCAyMDE3IDk6NDMgQU0NClRvOiBTQ0hPT0wtSVRA
> TElTVC5VVk0uRURVDQpTdWJqZWN0OiBSZTogU3VnZ2VzdGlvbnMgZm9yIHJvZ3VlIGVtYWlscw0K
> DQpGb3JnaXZlIG15IGlnbm9yYW5jZSwgYnV0IHdoYXQgY2FuIEkgdGVsbCBmcm9tIHRoZSBoZWFk
> ZXJzPyAgSSBjYW4gaG9uZXN0bHkgc2F5IHRoYXQgSSBkb24ndCBldmVuIGtub3cgd2hhdCBwYXJ0
> IGlzIHRoZSAiaGVhZGVyLiIgIEJlbG93IGlzIHdoYXQgSSByZWNlaXZlZC4NCg0KDQpEZWxpdmVy
> ZWQtVG86IGVmb2dhcnR5QGJlc2Nob29sLm9yZzxtYWlsdG86ZWZvZ2FydHlAYmVzY2hvb2wub3Jn
> Pg0KDQpSZWNlaXZlZDogYnkgMTAuMTU3LjEyLjE1NSB3aXRoIFNNVFAgaWQgYjI3Y3NwMjY1ODU1
> b3RiOw0KDQogICAgICAgIFRodSwgOSBGZWIgMjAxNyAwNTozNjowNSAtMDgwMCAoUFNUKQ0KDQpY
> LVJlY2VpdmVkOiBieSAxMC4xMjkuMTE4Ljc3IHdpdGggU01UUCBpZCBqMTNtcjIyNDI2OTd5d2su
> MjcwLjE0ODY2NDczNjUyNjY7DQoNCiAgICAgICAgVGh1LCAwOSBGZWIgMjAxNyAwNTozNjowNSAt
> MDgwMCAoUFNUKQ0KDQpSZXR1cm4tUGF0aDogPGNyb2JlcnRzQGJlc2Nob29sLm9yZzxtYWlsdG86
> Y3JvYmVydHNAYmVzY2hvb2wub3JnPj4NCg0KUmVjZWl2ZWQ6IGZyb20gbWFpbC15dzAteDI0NC5n
> b29nbGUuY29tPGh0dHA6Ly9tYWlsLXl3MC14MjQ0Lmdvb2dsZS5jb20+IChtYWlsLXl3MC14MjQ0
> Lmdvb2dsZS5jb208aHR0cDovL21haWwteXcwLXgyNDQuZ29vZ2xlLmNvbT4uIFsyNjA3OmY4YjA6
> NDAwMjpjMDU6OjI0NF0pDQoNCiAgICAgICAgYnkgbXguZ29vZ2xlLmNvbTxodHRwOi8vbXguZ29v
> Z2xlLmNvbT4gd2l0aCBFU01UUFMgaWQgcDE5M3NpNTA0ODMyeWJnLjI2My4yMDE3LjAyLjA5LjA1
> LjM2LjA1DQoNCiAgICAgICAgZm9yIDxlZm9nYXJ0eUBiZXNjaG9vbC5vcmc8bWFpbHRvOmVmb2dh
> cnR5QGJlc2Nob29sLm9yZz4+DQoNCiAgICAgICAgKHZlcnNpb249VExTMV8yIGNpcGhlcj1FQ0RI
> RS1SU0EtQUVTMTI4LUdDTS1TSEEyNTYgYml0cz0xMjgvMTI4KTsNCg0KICAgICAgICBUaHUsIDA5
> IEZlYiAyMDE3IDA1OjM2OjA1IC0wODAwIChQU1QpDQoNClJlY2VpdmVkLVNQRjogbmV1dHJhbCAo
> Z29vZ2xlLmNvbTxodHRwOi8vZ29vZ2xlLmNvbT46IDI2MDc6ZjhiMDo0MDAyOmMwNTo6MjQ0IGlz
> IG5laXRoZXIgcGVybWl0dGVkIG5vciBkZW5pZWQgYnkgYmVzdCBndWVzcyByZWNvcmQgZm9yIGRv
> bWFpbiBvZiBjcm9iZXJ0c0BiZXNjaG9vbC5vcmc8bWFpbHRvOmNyb2JlcnRzQGJlc2Nob29sLm9y
> Zz4pIGNsaWVudC1pcD0yNjA3OmY4YjA6NDAwMjpjMDU6OjI0NDsNCg0KQXV0aGVudGljYXRpb24t
> UmVzdWx0czogbXguZ29vZ2xlLmNvbTxodHRwOi8vbXguZ29vZ2xlLmNvbT47DQoNCiAgICAgICBk
> a2ltPXBhc3MgaGVhZGVyLmk9QGJlc2Nob29sLW9yZy4yMDE1MDYyMy5nYXBwc3NtdHAuY29tPGh0
> dHA6Ly9iZXNjaG9vbC1vcmcuMjAxNTA2MjMuZ2FwcHNzbXRwLmNvbT47DQoNCiAgICAgICBzcGY9
> bmV1dHJhbCAoZ29vZ2xlLmNvbTxodHRwOi8vZ29vZ2xlLmNvbT46IDI2MDc6ZjhiMDo0MDAyOmMw
> NTo6MjQ0IGlzIG5laXRoZXIgcGVybWl0dGVkIG5vciBkZW5pZWQgYnkgYmVzdCBndWVzcyByZWNv
> cmQgZm9yIGRvbWFpbiBvZiBjcm9iZXJ0c0BiZXNjaG9vbC5vcmc8bWFpbHRvOmNyb2JlcnRzQGJl
> c2Nob29sLm9yZz4pIHNtdHAubWFpbGZyb209Y3JvYmVydHNAYmVzY2hvb2wub3JnPG1haWx0bzpj
> cm9iZXJ0c0BiZXNjaG9vbC5vcmc+DQoNClJlY2VpdmVkOiBieSBtYWlsLXl3MC14MjQ0Lmdvb2ds
> ZS5jb208aHR0cDovL21haWwteXcwLXgyNDQuZ29vZ2xlLmNvbT4gd2l0aCBTTVRQIGlkIHU2OHNv
> Mjg0NDAyeXdnLjANCg0KICAgICAgICBmb3IgPGVmb2dhcnR5QGJlc2Nob29sLm9yZzxtYWlsdG86
> ZWZvZ2FydHlAYmVzY2hvb2wub3JnPj47IFRodSwgMDkgRmViIDIwMTcgMDU6MzY6MDUgLTA4MDAg
> KFBTVCkNCg0KREtJTS1TaWduYXR1cmU6IHY9MTsgYT1yc2Etc2hhMjU2OyBjPXJlbGF4ZWQvcmVs
> YXhlZDsNCg0KICAgICAgICBkPWJlc2Nob29sLW9yZy4yMDE1MDYyMy5nYXBwc3NtdHAuY29tPGh0
> dHA6Ly9iZXNjaG9vbC1vcmcuMjAxNTA2MjMuZ2FwcHNzbXRwLmNvbT47IHM9MjAxNTA2MjM7DQoN
> CiAgICAgICAgaD1taW1lLXZlcnNpb246ZnJvbTpkYXRlOm1lc3NhZ2UtaWQ6c3ViamVjdDp0bzsN
> Cg0KICAgICAgICBiaD1wOFE0bW1SK1psb1B0OU14VEZVNEQwQks1TkVFNzIwaTJBelBaaFlzNXRz
> PTsNCg0KICAgICAgICBiPXN0ODdUWEYvWnhMY1c3a0lRWm4rc0JQNENkd2NQanhER3ptZTliYXUz
> Tk1Pd0FOVEJJckRlTS85d0RqVlpSMmtuVw0KDQogICAgICAgICBTYklST0Z2SXRSbU9vMnN2US9q
> WGROQXU4cjE3eE0wQS8wemlvWDU4UGRPUkkvbXFTUjlab2crYjlveStqbzVLVUFuZA0KDQogICAg
> ICAgICBzWDV2eGNXOEdlYzRhK0xzNGVxS1MrV3NSRHVnWVpJcUtqRng0TlFSNWtzRFp2VldObWgx
> Nml6QjBUR2xPSUFTK0NPNw0KDQogICAgICAgICBadHAyUDE3dkk5VE95OUhhU1ZWTnZOeWlRWk81
> RnF3a0xkcHJkcmp5MFVxS2pBYU03eWpnSVUxYjdxUUxleUhEdi9Mbg0KDQogICAgICAgICBzSGI5
> eU0vV0dDNFhQRXByVW1sOUQza2VZVTI1TU1zdU9DZE40dlE5N3RLT2tDVlBxY0hGbmlwVWM3Rmln
> MTltcWlHNA0KDQogICAgICAgICBHVS9BPT0NCg0KWC1Hb29nbGUtREtJTS1TaWduYXR1cmU6IHY9
> MTsgYT1yc2Etc2hhMjU2OyBjPXJlbGF4ZWQvcmVsYXhlZDsNCg0KICAgICAgICBkPTFlMTAwLm5l
> dDxodHRwOi8vMWUxMDAubmV0Pjsgcz0yMDE2MTAyNTsNCg0KICAgICAgICBoPXgtZ20tbWVzc2Fn
> ZS1zdGF0ZTptaW1lLXZlcnNpb246ZnJvbTpkYXRlOm1lc3NhZ2UtaWQ6c3ViamVjdDp0bzsNCg0K
> ICAgICAgICBiaD1wOFE0bW1SK1psb1B0OU14VEZVNEQwQks1TkVFNzIwaTJBelBaaFlzNXRzPTsN
> Cg0KICAgICAgICBiPWdEZ0FuSGg3c2VXNS9acGtOWkgydEpHaVJzRGtBcWt5Q2FsZnNNK1h5Vi8z
> RlNrK0MxSGs4OExBS1B1R2hoZG95RA0KDQogICAgICAgICA5Mk9qd3RvbldLckdkQTBRbEFuWjZ4
> bTdLaSsrMjFRazFIamlHc2dmc3hudFFiOWMydHk5OWs2bE5YL0JLdU9ZQXo5Yg0KDQogICAgICAg
> ICBTeUdSL01qSlBQRlYrMXR0SjVkUFc5bll0SG9JSkF3YkZ4TTE1bXU4aTVkMGFYQm5qSWp2bndI
> aWMzekF3aFU2YTFwSw0KDQogICAgICAgICB6YXhKdWhwL0IxcmJlQUhDQWhOZVF4TmxpUlFpclBS
> SW1ZVThJRnVmMGkxL09IUXdEY2FLSU0xY1cxQmlTV2wzUmVqNQ0KDQogICAgICAgICA1R2Z1Y0pi
> VXBQbU55bzAvZElvYWtnSjRBS29LY0F1NUlsQ2o1d3R1dmxqSklCMGZvWGZnTlEvWkg4VmU5a0Iw
> Q05mZw0KDQogICAgICAgICBKaTRRPT0NCg0KWC1HbS1NZXNzYWdlLVN0YXRlOiBBTWtlMzltZVJL
> clFJbEJDaS9iMXRkK0hQS2oxTE5tbzZmQVJBZm5neTBRS2E0UUJSZ2xKSzM3bWFTcDY3Q1p2Ukcz
> alVWY295ZlBxL0NpK0F4aCtrN2NQYkdvPQ0KDQpYLVJlY2VpdmVkOiBieSAxMC4xMjkuMTUyLjc3
> IHdpdGggU01UUCBpZCBwNzRtcjIwNjQzMjB5d2cuMTc3LjE0ODY2NDczNjQ2MTE7IFRodSwgMDkg
> RmViIDIwMTcgMDU6MzY6MDQgLTA4MDAgKFBTVCkNCg0KTUlNRS1WZXJzaW9uOiAxLjANCg0KUmVj
> ZWl2ZWQ6IGJ5IDEwLjM3LjEyMy43IHdpdGggSFRUUDsgVGh1LCA5IEZlYiAyMDE3IDA1OjM2OjAx
> IC0wODAwIChQU1QpDQoNCkZyb206IENhdGh5IFJvYmVydHMgPGNyb2JlcnRzQGJlc2Nob29sLm9y
> ZzxtYWlsdG86Y3JvYmVydHNAYmVzY2hvb2wub3JnPj4NCg0KRGF0ZTogVGh1LCA5IEZlYiAyMDE3
> IDA1OjM2OjAxIC0wODAwDQoNCk1lc3NhZ2UtSUQ6IDxDQVB3K0ppSnV1QU94dTA3bktPOUt1RHpL
> REViWWthc05GQnRvU010UlpfaEN0TEp6dmdAbWFpbC5nbWFpbC5jb208bWFpbHRvOkNBUHclMkJK
> aUp1dUFPeHUwN25LTzlLdUR6S0RFYllrYXNORkJ0b1NNdFJaX2hDdExKenZnQG1haWwuZ21haWwu
> Y29tPj4NCg0KU3ViamVjdDogU2VjdXJlZCBNZXNzYWdlDQoNClRvOiB1bmRpc2Nsb3NlZC1yZWNp
> cGllbnRzOjsNCg0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvbWl4ZWQ7IGJvdW5kYXJ5PTk0ZWIy
> YzBiYmY1NjEzNDc5MDA1NDgxOTEwZmMNCg0KQmNjOiBlZm9nYXJ0eUBiZXNjaG9vbC5vcmc8bWFp
> bHRvOmVmb2dhcnR5QGJlc2Nob29sLm9yZz4NCg0KDQoNCi0tOTRlYjJjMGJiZjU2MTM0NzkwMDU0
> ODE5MTBmYw0KDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2ZTsgYm91bmRhcnk9
> OTRlYjJjMGJiZjU2MTM0NzhiMDU0ODE5MTBmYQ0KDQoNCg0KLS05NGViMmMwYmJmNTYxMzQ3OGIw
> NTQ4MTkxMGZhDQoNCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD1VVEYtOA0KDQoN
> Cg0KUGxlYXNlIHNlZSBhdHRhY2hlZCBkb2N1bWVudCBmb3IgeW91ciByZXZpZXcuDQoNCg0KDQoN
> Cg0KVGhhbmtzDQoNCg0KDQotLTk0ZWIyYzBiYmY1NjEzNDc4YjA1NDgxOTEwZmENCg0KQ29udGVu
> dC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCg0KQ29udGVudC1UcmFuc2Zlci1FbmNv
> ZGluZzogcXVvdGVkLXByaW50YWJsZQ0KDQoNCg0KPGRpdiBkaXI9M0QibHRyIj48c3BhbiBzdHls
> ZT0zRCJmb250LXNpemU6MTIuOHB4O2xpbmUtaGVpZ2h0Om5vcm1hbCI+UGxlYXNlPQ0KDQogc2Vl
> IGF0dGFjaGVkIGRvY3VtZW50IGZvciB5b3VyIHJldmlldy48L3NwYW4+PGJyIHN0eWxlPTNEImZv
> bnQtc2l6ZToxMi44cHg9DQoNCjtsaW5lLWhlaWdodDpub3JtYWwiPjxiciBzdHlsZT0zRCJmb250
> LXNpemU6MTIuOHB4O2xpbmUtaGVpZ2h0Om5vcm1hbCI+PGJyID0NCg0Kc3R5bGU9M0QiZm9udC1z
> aXplOjEyLjhweDtsaW5lLWhlaWdodDpub3JtYWwiPjxzcGFuIHN0eWxlPTNEImZvbnQtc2l6ZTox
> Mi44PQ0KDQpweDtsaW5lLWhlaWdodDpub3JtYWwiPlRoYW5rczwvc3Bhbj48YnI+PC9kaXY+DQoN
> Cg0KDQotLTk0ZWIyYzBiYmY1NjEzNDc4YjA1NDgxOTEwZmEtLQ0KDQotLTk0ZWIyYzBiYmY1NjEz
> NDc5MDA1NDgxOTEwZmMNCg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZGY7IG5hbWU9IkRv
> Y3VtZW50MjAxNy0wOS0wMi0wNzUwNTUucGRmIg0KDQpDb250ZW50LURpc3Bvc2l0aW9uOiBhdHRh
> Y2htZW50OyBmaWxlbmFtZT0iRG9jdW1lbnQyMDE3LTA5LTAyLTA3NTA1NS5wZGYiDQoNCkNvbnRl
> bnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0KDQpYLUF0dGFjaG1lbnQtSWQ6IGZfaXl5ZmZy
> MHQwDQoNCg0KDQoNCg0KLS05NGViMmMwYmJmNTYxMzQ3OTAwNTQ4MTkxMGZjLS0NCg0KRWRpdGgg
> Rm9nYXJ0eQ0KVGVjaG5vbG9neSBJbnRlZ3JhdGlvbiBGYWNpbGl0YXRvcg0KQnJhZGZvcmQgRWxl
> bWVudGFyeSBTY2hvb2wNCjE0MyBGYWlyZ3JvdW5kIFJkDQpCcmFkZm9yZCwgVlQgMDUwMzMNCjgw
> Mi4yMjIuNDA3NyB4MjgxDQo4MDIuMjIyLjUxOTYgZmF4DQpbaHR0cHM6Ly9kb2NzLmdvb2dsZS5j
> b20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTBCLTJCU29sNFRPTzlVVEF0TWtFNU1tWkpRVlUmcmV2
> aWQ9MEItMkJTb2w0VE9POU5XSlVObTh6YzFWalUxWm1Vak5KV21GcGQyTkNOV041YzBFd1BRXSBb
> aHR0cHM6Ly9kb2NzLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTBCLTJCU29sNFRP
> TzlVekJUTjNkT2JWaFdRMWsmcmV2aWQ9MEItMkJTb2w0VE9POVpFWTVNRzl5YTBrd2MxcDFRa3RT
> UjNsR2MyWXlUSEV3SzJvMFBRXQ0KDQpPbiBGcmksIEZlYiAxMCwgMjAxNyBhdCA5OjEyIEFNLCBT
> Y290dCBHcmFudCA8c2dyYW50QGFud3N1Lm9yZzxtYWlsdG86c2dyYW50QGFud3N1Lm9yZz4+IHdy
> b3RlOg0KQWdyZWVkLiAgSSd2ZSBzZWVuIHRoYXQgYWN0dWFsbHkgbW9yZSBvZnRlbi4gIEJlIHN1
> cmUgdG8gcG9pbnQgb3V0IHRoYXQgeW91IG5lZWQgdGhlIGhlYWRlcnMgb2YgdGhlIG9yaWdpbmFs
> IHRoZXkgcmVjZWl2ZWQuDQoNCk9uIEZyaSwgRmViIDEwLCAyMDE3IGF0IDk6MDQgQU0sIERhdmlk
> IE1jQ2xlbGxhbiA8ZGF2aWQubWNjbGVsbGFuQGNlc3V2dC5vcmc8bWFpbHRvOmRhdmlkLm1jY2xl
> bGxhbkBjZXN1dnQub3JnPj4gd3JvdGU6DQpOb3QgdG8gZGlzY291bnQgdGhlIHBvc3NpYmlsaXR5
> IG9mIHRoZSBhY2NvdW50IGJlaW5nIGNvbXByb21pc2VkLCBidXQgSSdtIHdpdGggQmlsbCBGaXR6
> Z2VyYWxkIGhlcmUuIEknZCBjaGVjayB0aGUgaGVhZGVycyBvZiB0aGUgc2VudCBtYWlsLCBJJ2Qg
> YmUgd2lsbGluZyB0byBiZXQgdGhlIGFkZHJlc3Mgd2FzIHNwb29mZWQuIE1heWJlIGhhdmUgdGhl
> IHJlY2lwaWVudHMgb2YgdGhlIGVtYWlsIGZvcndhcmQgaXQgYmFjayB0byB5b3UgdG8gc2VlIHdo
> YXQgeW91IGNhbiBpbiB0aGUgaGVhZGVycz8NCg0KR29vZCBsdWNrLA0KDQpPbiBUaHUsIEZlYiA5
> LCAyMDE3LCAxODoyMyBCaWxsIEZpdHpnZXJhbGQgPGJpbGxAZnVubnltb25rZXkuY29tPG1haWx0
> bzpiaWxsQGZ1bm55bW9ua2V5LmNvbT4+IHdyb3RlOg0KQWxzbywganVzdCBzbyB0aGUgZW1haWwg
> YWRkcmVzcyBjYW4ndCBiZSBzcG9vZmVkLCBtYWtlIHN1cmUgdGhhdCB5b3UgaGF2ZSBTUEYsIERL
> SU0sIGFuZCBETUFSQyByZWNvcmRzIHNldCB1cC4NCg0KQ2hlZXJzLA0KDQpCaWxsDQoNCk9uIFRo
> dSwgRmViIDksIDIwMTcgYXQgMTI6NTUgUE0sIFNjb3R0IEdyYW50IDxzZ3JhbnRAYW53c3Uub3Jn
> PG1haWx0bzpzZ3JhbnRAYW53c3Uub3JnPj4gd3JvdGU6DQpNb3N0IG9mIHRoZXNlIHN1Z2dlc3Rp
> b25zIGFzc3VtZSBHb29nbGUgZW1haWwgYWNjb3VudHMuICBIZXJlJ3Mgd2hhdCBJJ2Qgc3VnZ2Vz
> dCB0byBzdW1tYXJpemU6DQoNCkRpc2FibGUgdGhlIGFjY291bnQgZmlyc3QhIChhbHJlYWR5IGRv
> bmUpDQpSZXZpZXcgd2hlcmUgdGhlIGFjY291bnQgaGFkIGJlZW4gbG9nZ2VkIGludG8uICBHZXQg
> c2NyZWVuIGNhcHR1cmVzIG9mIHRoZSBkYXRhLg0KQ2hhbmdlIHRoZSBwYXNzd29yZC4NCkNvbnNp
> ZGVyIGhhdmluZyB0aGUgdXNlciBsZXZlcmFnZSBhIHNlY29uZC1mYWN0b3IgZm9yIGF1dGhlbnRp
> Y2F0aW9uLg0KUmVzZXQgc2lnbiBpbiBjb29raWVzIGFzIHBlciBhbm90aGVyIHN1Z2dlc3Rpb24u
> DQpSdW4gQVYgb24gdGhlIHVzZXIncyBjb21wdXRlcihzKS4NCkVuc3VyZSBhIGxldmVsIG9mIHBh
> c3N3b3JkIGNvbXBsZXhpdHkgZm9yIHRoZSBuZXcgcGFzc3dvcmQuDQpSZS1lbmFibGUgdGhlIGFj
> Y291bnQuDQpSZXZpZXcgdGhlaXIgU2VudCBtZXNzYWdlcyBhbmQgQUxMIE1haWwgdmlld3MuICBB
> bHNvIGVuc3VyZSB0aGV5IGFyZSByZWNlaXZpbmcgZW1haWxzIGNvcnJlY3RseS4gIFNvbWV0aW1l
> cyBoYWNrZXJzIHdpbGwgYWRkIGEgcnVsZSB0byBHTWFpbCB0byBhcmNoaXZlIGFsbCBpbmJvdW5k
> IG1lc3NhZ2VzLiAgVGhpcyB3YXksIHRoZSBvd25lciBkb2Vzbid0IHNlZSB0aGUgZGVsaXZlcnkg
> ZmFpbHVyZXMsIGV0Yy4NCg0KVmVyaWZ5IHdoZXJlIHRoZXkgYWNjZXNzIHRoZWlyIGVtYWlsIGZy
> b20uICBJcyBpdCBmcm9tIGhvbWUgYXMgd2VsbCBvbiBhIGRpZmZlcmVudCBjb21wdXRlcj8gIFN1
> Z2dlc3QgdGhleSBydW4gQVYgdGhlcmUgYXMgd2VsbC4NCg0KVGhhdCdzIHRoZSBiYXNpY3MuDQoN
> Cg0KDQpPbiBUaHUsIEZlYiA5LCAyMDE3IGF0IDEwOjA2IEFNLCBDaHJpc3RpbmUgR2lic29uIDxj
> Z2lic29uQGFjc3Uub3JnPG1haWx0bzpjZ2lic29uQGFjc3Uub3JnPj4gd3JvdGU6DQpJIHdvdWxk
> IGFsc28gc3VnZ2VzdCB0aGF0IHlvdSByZXNldCB0aGUgc2lnbi1pbiBjb29raWVzLiAgVGhpcyB3
> aWxsIGtpY2sgb3V0IGFueW9uZSB3aG8gbWF5IGhhdmUgYmVlbiBzaWduZWQgaW50byB0aGUgYWNj
> b3VudC4gIFNpbXBseSBjaGFuZ2luZyB0aGUgcGFzc3dvcmQgZG9lcyBub3QgdGVybWluYXRlIGFs
> bCBjdXJyZW50IHNlc3Npb25zLiAgWW91IGNhbiBmaW5kIHRoZSBzd2l0Y2ggdG8gcmVzZXQgdGhl
> IHNpZ24taW4gY29va2llcyB1bmRlciBBY2NvdW50IGluIHRoZSBHb29nbGUgQWRtaW4gQ29uc29s
> ZS4NCg0KQ2hyaXN0aW5lIEdpYnNvbg0KDQpQb3dlclNjaG9vbCBEYXRhIE1hbmFnZXINCjQ5IENo
> YXJsZXMgQXZlbnVlDQpNaWRkbGVidXJ5LCBWVCAwNTc1Mw0KY2dpYnNvbkBhY3N1Lm9yZzxtYWls
> dG86Y2dpYnNvbkBhY3N1Lm9yZz4NCjgwMi0zODItMTcyMDx0ZWw6KDgwMiklMjAzODItMTcyMD4N
> Cg0KT24gVGh1LCBGZWIgOSwgMjAxNyBhdCAxMDowMSBBTSwgUmF5bW9uZCBCYWxsb3UgPHJiYWxs
> b3VAd3J2c3Uub3JnPG1haWx0bzpyYmFsbG91QHdydnN1Lm9yZz4+IHdyb3RlOg0KRWRpdGgNCg0K
> Tm90IHN1cmUgd2h5IGl0IGRvZXNuJ3QgbGlzdCBjaGFuZ2UgcGFzc3dvcmQsIGJ1dCBoZXJlIGFy
> ZSB0aGUgc3VnZ2VzdGlvbnMgZnJvbSBHb29nbGUuDQoNCmh0dHBzOi8vc3VwcG9ydC5nb29nbGUu
> Y29tL2EvYW5zd2VyLzI5ODQzNDk/aGw9ZW4NCg0KDQpSDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0t
> LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoNClNl
> YXJjaCA8aHR0cDovL2xpc3QudXZtLmVkdS9hcmNoaXZlcy9zY2hvb2wtaXQuaHRtbD4gdGhlIFND
> SE9PTC1JVCBBcmNoaXZlDQoNCk1hbmFnZTxodHRwOi8vbGlzdC51dm0uZWR1L2NnaS1iaW4vd2E/
> U1VCRUQxPVNDSE9PTC1JVCZBPTE+IHlvdXIgU3Vic2NyaXB0aW9uIHRvIFNDSE9PTC1JVA0KDQoN
> Ci0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
> LS0tLS0tLS0tLS0tLS0tDQoNClNlYXJjaCA8aHR0cDovL2xpc3QudXZtLmVkdS9hcmNoaXZlcy9z
> Y2hvb2wtaXQuaHRtbD4gdGhlIFNDSE9PTC1JVCBBcmNoaXZlDQoNCk1hbmFnZTxodHRwOi8vbGlz
> dC51dm0uZWR1L2NnaS1iaW4vd2E/U1VCRUQxPVNDSE9PTC1JVCZBPTE+IHlvdXIgU3Vic2NyaXB0
> aW9uIHRvIFNDSE9PTC1JVA0KDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
> LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoNClNlYXJjaCA8aHR0cDovL2xp
> c3QudXZtLmVkdS9hcmNoaXZlcy9zY2hvb2wtaXQuaHRtbD4gdGhlIFNDSE9PTC1JVCBBcmNoaXZl
> DQoNCk1hbmFnZTxodHRwOi8vbGlzdC51dm0uZWR1L2NnaS1iaW4vd2E/U1VCRUQxPVNDSE9PTC1J
> VCZBPTE+IHlvdXIgU3Vic2NyaXB0aW9uIHRvIFNDSE9PTC1JVA0KDQoNCi0tLS0tLS0tLS0tLS0t
> LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
> DQoNClNlYXJjaCA8aHR0cDovL2xpc3QudXZtLmVkdS9hcmNoaXZlcy9zY2hvb2wtaXQuaHRtbD4g
> dGhlIFNDSE9PTC1JVCBBcmNoaXZlDQoNCk1hbmFnZTxodHRwOi8vbGlzdC51dm0uZWR1L2NnaS1i
> aW4vd2E/U1VCRUQxPVNDSE9PTC1JVCZBPTE+IHlvdXIgU3Vic2NyaXB0aW9uIHRvIFNDSE9PTC1J
> VA0KLS0NCkRhdmlkIE1jQ2xlbGxhbg0KVGVjaG5vbG9neSBTdXBwb3J0IFNwZWNpYWxpc3QNCkNo
> aXR0ZW5kZW4gRWFzdCBTdXBlcnZpc29yeSBVbmlvbg0KTW9iaWxlOiAoODAyKSA0NTggLSA3MzI3
> PHRlbDooODAyKSUyMDQ1OC03MzI3Pg0KQmFja3VwIE1vYmlsZTogKDgwMikgNDQ4IC0gMDMyOTx0
> ZWw6KDgwMiklMjA0NDgtMDMyOT4NCg0KDQpUaGlzIGUtbWFpbCBtYXkgY29udGFpbiBpbmZvcm1h
> dGlvbiBwcm90ZWN0ZWQgdW5kZXIgdGhlIEZhbWlseSBFZHVjYXRpb25hbCBSaWdodHMgYW5kIFBy
> aXZhY3kgQWN0IChGRVJQQSkuIElmIHRoaXMgZS1tYWlsIGNvbnRhaW5zIHN0dWRlbnQgaW5mb3Jt
> YXRpb24gYW5kIHlvdSBhcmUgbm90IGVudGl0bGVkIHRvIGFjY2VzcyBzdWNoIGluZm9ybWF0aW9u
> IHVuZGVyIEZFUlBBLCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIuIEZlZGVyYWwgcmVndWxhdGlv
> bnMgcmVxdWlyZSB0aGF0IHlvdSBkZXN0cm95IHRoaXMgZS1tYWlsIHdpdGhvdXQgcmV2aWV3aW5n
> IGl0IGFuZCB5b3UgbWF5IG5vdCBmb3J3YXJkIGl0IHRvIGFueW9uZS4NCg0KLS0tLS0tLS0tLS0t
> LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
> LS0NCg0KU2VhcmNoIDxodHRwOi8vbGlzdC51dm0uZWR1L2FyY2hpdmVzL3NjaG9vbC1pdC5odG1s
> PiB0aGUgU0NIT09MLUlUIEFyY2hpdmUNCg0KTWFuYWdlPGh0dHA6Ly9saXN0LnV2bS5lZHUvY2dp
> LWJpbi93YT9TVUJFRDE9U0NIT09MLUlUJkE9MT4geW91ciBTdWJzY3JpcHRpb24gdG8gU0NIT09M
> LUlUDQoNCg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
> LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCg0KU2VhcmNoIDxodHRwOi8vbGlzdC51dm0uZWR1L2Fy
> Y2hpdmVzL3NjaG9vbC1pdC5odG1sPiB0aGUgU0NIT09MLUlUIEFyY2hpdmUNCg0KTWFuYWdlPGh0
> dHA6Ly9saXN0LnV2bS5lZHUvY2dpLWJpbi93YT9TVUJFRDE9U0NIT09MLUlUJkE9MT4geW91ciBT
> dWJzY3JpcHRpb24gdG8gU0NIT09MLUlUDQoNCg0KQ09ORklERU5USUFMSVRZIE5PVEU6IFRoZSBp
> bmZvcm1hdGlvbiB0cmFuc21pdHRlZCwgaW5jbHVkaW5nIGF0dGFjaG1lbnRzLCBpcyBpbnRlbmRl
> ZCBvbmx5IGZvciB0aGUgcGVyc29uKHMpIG9yIGVudGl0eSB0byB3aGljaCBpdCBpcyBhZGRyZXNz
> ZWQgYW5kIG1heSBjb250YWluIGNvbmZpZGVudGlhbCBhbmQvb3IgcHJpdmlsZWdlZCBtYXRlcmlh
> bC4gQW55IHJldmlldywgcmV0cmFuc21pc3Npb24sIGRpc3NlbWluYXRpb24gb3Igb3RoZXIgdXNl
> IG9mLCBvciB0YWtpbmcgb2YgYW55IGFjdGlvbiBpbiByZWxpYW5jZSB1cG9uIHRoaXMgaW5mb3Jt
> YXRpb24gYnkgcGVyc29ucyBvciBlbnRpdGllcyBvdGhlciB0aGFuIHRoZSBpbnRlbmRlZCByZWNp
> cGllbnQgaXMgcHJvaGliaXRlZC4gSWYgeW91IHJlY2VpdmVkIHRoaXMgaW4gZXJyb3IsIHBsZWFz
> ZSBjb250YWN0IHRoZSBzZW5kZXIgYW5kIGRlc3Ryb3kgYW55IGNvcGllcyBvZiB0aGlzIGluZm9y
> bWF0aW9uLg0KDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
> LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQpTZWFyY2ggPGh0dHA6Ly9saXN0LnV2bS5lZHUv
> YXJjaGl2ZXMvc2Nob29sLWl0Lmh0bWw+IHRoZSBTQ0hPT0wtSVQgQXJjaGl2ZQ0KDQpNYW5hZ2U8
> aHR0cDovL2xpc3QudXZtLmVkdS9jZ2ktYmluL3dhP1NVQkVEMT1TQ0hPT0wtSVQmQT0xPiB5b3Vy
> IFN1YnNjcmlwdGlvbiB0byBTQ0hPT0wtSVQNCg==
> --_000_f41eadc420624eaaac2188dfbdf1c2f2WCSUMAIL13U32ORG_
> Content-Transfer-Encoding: quoted-printable
> Content-Type: text/html; charset="utf-8"
>
> <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
> osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
> xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
> //www.w3.org/TR/REC-html40">
> <head>
> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
> <meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
> <!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
> o\:* {behavior:url(#default#VML);}
> w\:* {behavior:url(#default#VML);}
> .shape {behavior:url(#default#VML);}
> </style><![endif]--><style><!--
> /* Font Definitions */
> @font-face
> =09{font-family:"Cambria Math";
> =09panose-1:2 4 5 3 5 4 6 3 2 4;}
> @font-face
> =09{font-family:Calibri;
> =09panose-1:2 15 5 2 2 2 4 3 2 4;}
> @font-face
> =09{font-family:Consolas;
> =09panose-1:2 11 6 9 2 2 4 3 2 4;}
> /* Style Definitions */
> p.MsoNormal, li.MsoNormal, div.MsoNormal
> =09{margin:0in;
> =09margin-bottom:.0001pt;
> =09font-size:12.0pt;
> =09font-family:"Times New Roman",serif;}
> a:link, span.MsoHyperlink
> =09{mso-style-priority:99;
> =09color:blue;
> =09text-decoration:underline;}
> a:visited, span.MsoHyperlinkFollowed
> =09{mso-style-priority:99;
> =09color:purple;
> =09text-decoration:underline;}
> p
> =09{mso-style-priority:99;
> =09mso-margin-top-alt:auto;
> =09margin-right:0in;
> =09mso-margin-bottom-alt:auto;
> =09margin-left:0in;
> =09font-size:12.0pt;
> =09font-family:"Times New Roman",serif;}
> pre
> =09{mso-style-priority:99;
> =09mso-style-link:"HTML Preformatted Char";
> =09margin:0in;
> =09margin-bottom:.0001pt;
> =09font-size:10.0pt;
> =09font-family:"Courier New";}
> span.HTMLPreformattedChar
> =09{mso-style-name:"HTML Preformatted Char";
> =09mso-style-priority:99;
> =09mso-style-link:"HTML Preformatted";
> =09font-family:Consolas;}
> p.m9104320700020084147m-2468182713704057239gmailmsg, li.m910432070002008414=
> 7m-2468182713704057239gmailmsg, div.m9104320700020084147m-24681827137040572=
> 39gmailmsg
> =09{mso-style-name:m_9104320700020084147m_-2468182713704057239gmail_msg;
> =09mso-margin-top-alt:auto;
> =09margin-right:0in;
> =09mso-margin-bottom-alt:auto;
> =09margin-left:0in;
> =09font-size:12.0pt;
> =09font-family:"Times New Roman",serif;}
> span.m9104320700020084147m-2468182713704057239gmailmsg1
> =09{mso-style-name:m_9104320700020084147m_-2468182713704057239gmail_msg1;}
> span.m9104320700020084147m-2468182713704057239m1484017590329750603m43264582=
> 4362608678m-5775518676933508011hoenzb
> =09{mso-style-name:m_9104320700020084147m_-2468182713704057239m_14840175903=
> 29750603m_432645824362608678m_-5775518676933508011hoenzb;}
> span.m9104320700020084147m-2468182713704057239m1484017590329750603m43264582=
> 4362608678m-5775518676933508011m2563036470163041945hoenzb
> =09{mso-style-name:m_9104320700020084147m_-2468182713704057239m_14840175903=
> 29750603m_432645824362608678m_-5775518676933508011m_2563036470163041945hoen=
> zb;}
> span.m9104320700020084147hoenzb
> =09{mso-style-name:m_9104320700020084147hoenzb;}
> span.EmailStyle26
> =09{mso-style-type:personal-reply;
> =09font-family:"Calibri",sans-serif;
> =09color:#1F497D;}
> .MsoChpDefault
> =09{mso-style-type:export-only;
> =09font-family:"Calibri",sans-serif;}
> @page WordSection1
> =09{size:8.5in 11.0in;
> =09margin:1.0in 1.0in 1.0in 1.0in;}
> div.WordSection1
> =09{page:WordSection1;}
> --></style><!--[if gte mso 9]><xml>
> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
> </xml><![endif]--><!--[if gte mso 9]><xml>
> <o:shapelayout v:ext=3D"edit">
> <o:idmap v:ext=3D"edit" data=3D"1" />
> </o:shapelayout></xml><![endif]-->
> </head>
> <body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
> <div class=3D"WordSection1">
> <p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
> libri&quot;,sans-serif;color:#1F497D">To add to the conversation, the part =
> to look at with your message is the flow<o:p></o:p></span></p>
> <p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
> libri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
> <pre><span style=3D"font-size:10.5pt;color:black">Return-Path: &lt;<a href=
> =3D"mailto:[log in to unmask]">[log in to unmask]</a>&gt;<o:p></o:p><=
> /span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Received: from <a href=3D=
> "http://mail-yw0-x244.google.com">mail-yw0-x244.google.com</a> (<a href=3D"=http://mail-yw0-x244.google.com">mail-yw0-x244.google.com</a>. [2607:f8b0:4=
> 002:c05::244])<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; by <a href=3D"http://mx.google.com">mx.google.com</a> wit=
> h ESMTPS id p193si504832ybg.263.2017.02.09.05.36.05<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; for &lt;<a href=3D"mailto:[log in to unmask]">efogarty=
> @beschool.org</a>&gt;<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; (version=3DTLS1_2 cipher=3DECDHE-RSA-AES128-GCM-SHA256 bi=
> ts=3D128/128);<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; Thu, 09 Feb 2017 05:36:05 -0800 (PST)<o:p></o:p></span></=
> pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Received-SPF: neutral (<a=
>  href=3D"http://google.com">google.com</a>: 2607:f8b0:4002:c05::244 is neit=
> her permitted nor denied by best guess record for domain of <a href=3D"mail=to:[log in to unmask]">[log in to unmask]</a>) client-ip=3D2607:f8b0:=
> 4002:c05::244;<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Authentication-Results: <=
> a href=3D"http://mx.google.com">mx.google.com</a>;<o:p></o:p></span></pre>
> <p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;color:black"><o:p>&n=
> bsp;</o:p></span></p>
> <p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
> libri&quot;,sans-serif;color:#1F497D">On quick review, this message was nev=
> er outside of googles mail servers (as someone already pointed out) based o=
> n the receiving server and authenticating server<o:p></o:p></span></p>
> <p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
> libri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
> <pre><span style=3D"font-size:10.5pt;color:black">Authentication-Results: <=
> a href=3D"http://mx.google.com">mx.google.com</a>;<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp; dkim=3Dpass header.i=3D@<a href=3D"http://beschool-org.20150623=
> .gappssmtp.com">beschool-org.20150623.gappssmtp.com</a>;<o:p></o:p></span><=
> /pre>
> <p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
> libri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
> <p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
> libri&quot;,sans-serif;color:#1F497D">To me, it looks like someone gained a=
> ccess to the users account credentials and sent the email as if they were t=
> he user through either Gmail direct or a client-side
>  mail program. I would advise you to set up both your MX and SPF records wi=
> th your DNS provider as it looks like you don=E2=80=99t currently have this=
>  configured and could be spoofed (mail sent to others as if it originated b=
> y a user in your domain). Hope this helps.<o:p></o:p></span></p>
> <p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
> libri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
> <p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
> libri&quot;,sans-serif;color:#1F497D">Rob Carter<o:p></o:p></span></p>
> <p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
> libri&quot;,sans-serif;color:#1F497D">WCSU Technology<o:p></o:p></span></p>
> <p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
> libri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
> <p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
> libri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
> <p class=3D"MsoNormal"><b><span style=3D"font-size:11.0pt;font-family:&quot=
> ;Calibri&quot;,sans-serif">From:</span></b><span style=3D"font-size:11.0pt;=
> font-family:&quot;Calibri&quot;,sans-serif"> School Information Technology =
> Discussion [mailto:[log in to unmask]]
> <b>On Behalf Of </b>Edith Fogarty<br>
> <b>Sent:</b> Friday, February 10, 2017 9:43 AM<br>
> <b>To:</b> [log in to unmask]<br>
> <b>Subject:</b> Re: Suggestions for rogue emails<o:p></o:p></span></p>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> <div>
> <p class=3D"MsoNormal">Forgive my ignorance, but what can I tell from the h=
> eaders?&nbsp; I can honestly say that I don't even know what part is the &q=
> uot;header.&quot; &nbsp;Below is what I received.<o:p></o:p></p>
> <div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> </div>
> <div>
> <pre id=3D"gmail-raw_message_text"><span style=3D"font-size:10.5pt;color:bl=
> ack">Delivered-To: <a href=3D"mailto:[log in to unmask]">[log in to unmask]</a><o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Received: by 10.157.12.15=
> 5 with SMTP id b27csp265855otb;<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; Thu, 9 Feb 2017 05:36:05 -0800 (PST)<o:p></o:p></span></p=
> re>
> <pre><span style=3D"font-size:10.5pt;color:black">X-Received: by 10.129.118=
> .77 with SMTP id j13mr2242697ywk.270.1486647365266;<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; Thu, 09 Feb 2017 05:36:05 -0800 (PST)<o:p></o:p></span></=
> pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Return-Path: &lt;<a href=
> =3D"mailto:[log in to unmask]">[log in to unmask]</a>&gt;<o:p></o:p><=
> /span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Received: from <a href=3D=
> "http://mail-yw0-x244.google.com">mail-yw0-x244.google.com</a> (<a href=3D"=http://mail-yw0-x244.google.com">mail-yw0-x244.google.com</a>. [2607:f8b0:4=
> 002:c05::244])<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; by <a href=3D"http://mx.google.com">mx.google.com</a> wit=
> h ESMTPS id p193si504832ybg.263.2017.02.09.05.36.05<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; for &lt;<a href=3D"mailto:[log in to unmask]">efogarty=
> @beschool.org</a>&gt;<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; (version=3DTLS1_2 cipher=3DECDHE-RSA-AES128-GCM-SHA256 bi=
> ts=3D128/128);<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; Thu, 09 Feb 2017 05:36:05 -0800 (PST)<o:p></o:p></span></=
> pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Received-SPF: neutral (<a=
>  href=3D"http://google.com">google.com</a>: 2607:f8b0:4002:c05::244 is neit=
> her permitted nor denied by best guess record for domain of <a href=3D"mail=to:[log in to unmask]">[log in to unmask]</a>) client-ip=3D2607:f8b0:=
> 4002:c05::244;<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Authentication-Results: <=
> a href=3D"http://mx.google.com">mx.google.com</a>;<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp; dkim=3Dpass header.i=3D@<a href=3D"http://beschool-org.20150623=
> .gappssmtp.com">beschool-org.20150623.gappssmtp.com</a>;<o:p></o:p></span><=
> /pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp; spf=3Dneutral (<a href=3D"http://google.com">google.com</a>: 26=
> 07:f8b0:4002:c05::244 is neither permitted nor denied by best guess record =
> for domain of <a href=3D"mailto:[log in to unmask]">[log in to unmask]
> g</a>) smtp.mailfrom=3D<a href=3D"mailto:[log in to unmask]">[log in to unmask]</a><o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Received: by <a href=3D"h=
> ttp://mail-yw0-x244.google.com">mail-yw0-x244.google.com</a> with SMTP id u=
> 68so284402ywg.0<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; for &lt;<a href=3D"mailto:[log in to unmask]">efogarty=
> @beschool.org</a>&gt;; Thu, 09 Feb 2017 05:36:05 -0800 (PST)<o:p></o:p></sp=
> an></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">DKIM-Signature: v=3D1; a=
> =3Drsa-sha256; c=3Drelaxed/relaxed;<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; d=3D<a href=3D"http://beschool-org.20150623.gappssmtp.com=
> ">beschool-org.20150623.gappssmtp.com</a>; s=3D20150623;<o:p></o:p></span><=
> /pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; h=3Dmime-version:from:date:message-id:subject:to;<o:p></o=
> :p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; bh=3Dp8Q4mmR&#43;ZloPt9MxTFU4D0BK5NEE720i2AzPZhYs5ts=3D;<=
> o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp; &nbsp;=
> &nbsp;&nbsp;&nbsp;b=3Dst87TXF/ZxLcW7kIQZn&#43;sBP4CdwcPjxDGzme9bau3NMOwANTB=
> IrDeM/9wDjVZR2knW<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp;&nbsp; SbIROFvItRmOo2svQ/jXdNAu8r17xM0A/0zioX58PdORI/mqSR9=
> Zog&#43;b9oy&#43;jo5KUAnd<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp;&nbsp; sX5vxcW8Gec4a&#43;Ls4eqKS&#43;WsRDugYZIqKjFx4NQR5ks=
> DZvVWNmh16izB0TGlOIAS&#43;CO7<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp;&nbsp; Ztp2P17vI9TOy9HaSVVNvNyiQZO5FqwkLdprdrjy0UqKjAaM7yj=
> gIU1b7qQLeyHDv/Ln<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp;&nbsp; sHb9yM/WGC4XPEprUml9D3keYU25MMsuOCdN4vQ97tKOkCVPqcH=
> FnipUc7Fig19mqiG4<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp;&nbsp; GU/A=3D=3D<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">X-Google-DKIM-Signature: =
> v=3D1; a=3Drsa-sha256; c=3Drelaxed/relaxed;<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; d=3D<a href=3D"http://1e100.net">1e100.net</a>; s=3D20161=
> 025;<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; h=3Dx-gm-message-state:mime-version:from:date:message-id:=
> subject:to;<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; bh=3Dp8Q4mmR&#43;ZloPt9MxTFU4D0BK5NEE720i2AzPZhYs5ts=3D;<=
> o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp; b=3DgDgAnHh7seW5/ZpkNZH2tJGiRsDkAqkyCalfsM&#43;XyV/3FSk&#=
> 43;C1Hk88LAKPuGhhdoyD<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp;&nbsp; 92OjwtonWKrGdA0QlAnZ6xm7Ki&#43;&#43;21Qk1HjiGsgfsxn=
> tQb9c2ty99k6lNX/BKuOYAz9b<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp;&nbsp; SyGR/MjJPPFV&#43;1ttJ5dPW9nYtHoIJAwbFxM15mu8i5d0aXB=
> njIjvnwHic3zAwhU6a1pK<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp;&nbsp; zaxJuhp/B1rbeAHCAhNeQxNliRQirPRImYU8IFuf0i1/OHQwDca=
> KIM1cW1BiSWl3Rej5<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp;&nbsp; 5GfucJbUpPmNyo0/dIoakgJ4AKoKcAu5IlCj5wtuvljJIB0foXf=
> gNQ/ZH8Ve9kB0CNfg<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp;&nbsp; Ji4Q=3D=3D<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">X-Gm-Message-State: AMke3=
> 9meRKrQIlBCi/b1td&#43;HPKj1LNmo6fARAfngy0QKa4QBRglJK37maSp67CZvRG3jUVcoyfPq=
> /Ci&#43;Axh&#43;k7cPbGo=3D<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">X-Received: by 10.129.152=
> .77 with SMTP id p74mr2064320ywg.177.1486647364611; Thu, 09 Feb 2017 05:36:=
> 04 -0800 (PST)<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">MIME-Version: 1.0<o:p></o=
> :p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Received: by 10.37.123.7 =
> with HTTP; Thu, 9 Feb 2017 05:36:01 -0800 (PST)<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">From: Cathy Roberts &lt;<=
> a href=3D"mailto:[log in to unmask]">[log in to unmask]</a>&gt;<o:p><=
> /o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Date: Thu, 9 Feb 2017 05:=
> 36:01 -0800<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Message-ID: &lt;<a href=
> =3D"mailto:[log in to unmask]
> .com">CAPw&#43;[log in to unmask]
> m</a>&gt;<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Subject: Secured Message<=
> o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">To: undisclosed-recipient=
> s:;<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Content-Type: multipart/m=
> ixed; boundary=3D94eb2c0bbf5613479005481910fc<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Bcc: <a href=3D"mailto:[log in to unmask]">[log in to unmask]</a><o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
> /pre>
> <pre><span style=3D"font-size:10.5pt;color:black">--94eb2c0bbf5613479005481=
> 910fc<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Content-Type: multipart/a=
> lternative; boundary=3D94eb2c0bbf5613478b05481910fa<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
> /pre>
> <pre><span style=3D"font-size:10.5pt;color:black">--94eb2c0bbf5613478b05481=
> 910fa<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Content-Type: text/plain;=
>  charset=3DUTF-8<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
> /pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Please see attached docum=
> ent for your review.<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
> /pre>
> <pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
> /pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Thanks<o:p></o:p></span><=
> /pre>
> <pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
> /pre>
> <pre><span style=3D"font-size:10.5pt;color:black">--94eb2c0bbf5613478b05481=
> 910fa<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Content-Type: text/html; =
> charset=3DUTF-8<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Content-Transfer-Encoding=
> : quoted-printable<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
> /pre>
> <pre><span style=3D"font-size:10.5pt;color:black">&lt;div dir=3D3D&quot;ltr=
> &quot;&gt;&lt;span style=3D3D&quot;font-size:12.8px;line-height:normal&quot=
> ;&gt;Please=3D<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black"> see attached document fo=
> r your review.&lt;/span&gt;&lt;br style=3D3D&quot;font-size:12.8px=3D<o:p><=
> /o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">;line-height:normal&quot;=
> &gt;&lt;br style=3D3D&quot;font-size:12.8px;line-height:normal&quot;&gt;&lt=
> ;br =3D<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">style=3D3D&quot;font-size=
> :12.8px;line-height:normal&quot;&gt;&lt;span style=3D3D&quot;font-size:12.8=
> =3D<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">px;line-height:normal&quo=
> t;&gt;Thanks&lt;/span&gt;&lt;br&gt;&lt;/div&gt;<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
> /pre>
> <pre><span style=3D"font-size:10.5pt;color:black">--94eb2c0bbf5613478b05481=
> 910fa--<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">--94eb2c0bbf5613479005481=
> 910fc<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Content-Type: application=
> /pdf; name=3D&quot;Document2017-09-02-075055.pdf&quot;<o:p></o:p></span></p=
> re>
> <pre><span style=3D"font-size:10.5pt;color:black">Content-Disposition: atta=
> chment; filename=3D&quot;Document2017-09-02-075055.pdf&quot;<o:p></o:p></sp=
> an></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">Content-Transfer-Encoding=
> : base64<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black">X-Attachment-Id: f_iyyffr=
> 0t0<o:p></o:p></span></pre>
> <pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
> /pre>
> <pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
> /pre>
> <pre><span style=3D"font-size:10.5pt;color:black">--94eb2c0bbf5613479005481=
> 910fc--<o:p></o:p></span></pre>
> </div>
> </div>
> <div>
> <p class=3D"MsoNormal"><br clear=3D"all">
> <o:p></o:p></p>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <p class=3D"MsoNormal">Edith Fogarty<br>
> Technology Integration Facilitator<br>
> Bradford Elementary School<br>
> 143 Fairground Rd<br>
> Bradford, VT 05033<br>
> 802.222.4077 x281<br>
> 802.222.5196 fax<o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><img border=3D"0" width=3D"94" height=3D"96" id=3D"_=
> x0000_i1025" src=3D"https://docs.google.com/uc?export=3Ddownload&amp;id=3D0=
> B-2BSol4TOO9UTAtMkE5MmZJQVU&amp;revid=3D0B-2BSol4TOO9NWJUNm8zc1VjU1ZmUjNJWm=
> Fpd2NCNWN5c0EwPQ <https://docs.google.com/uc?export=3Ddownload&amp;id=3D0=%0DB-2BSol4TOO9UTAtMkE5MmZJQVU&amp;revid=3D0B-2BSol4TOO9NWJUNm8zc1VjU1ZmUjNJWm=%0DFpd2NCNWN5c0EwPQ>">&nbsp;<img border=3D"0" width=3D"93" height=3D"96" id=3D"=
> _x0000_i1026" src=3D"https://docs.google.com/uc?export=3Ddownload&amp;id=3D=
> 0B-2BSol4TOO9UzBTN3dObVhWQ1k&amp;revid=3D0B-2BSol4TOO9ZEY5MG9ya0kwc1p1QktSR=
> 3lGc2YyTHEwK2o0PQ <https://docs.google.com/uc?export=3Ddownload&amp;id=3D=%0D0B-2BSol4TOO9UzBTN3dObVhWQ1k&amp;revid=3D0B-2BSol4TOO9ZEY5MG9ya0kwc1p1QktSR=%0D3lGc2YyTHEwK2o0PQ>"><o:p></o:p></p>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> <div>
> <p class=3D"MsoNormal">On Fri, Feb 10, 2017 at 9:12 AM, Scott Grant &lt;<a =
> href=3D"mailto:[log in to unmask]" target=3D"_blank">[log in to unmask]</a>&gt;=
>  wrote:<o:p></o:p></p>
> <blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0i=
> n 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
> <div>
> <p class=3D"MsoNormal">Agreed.&nbsp; I've seen that actually more often.&nb=
> sp; Be sure to point out that you need the headers of the original they rec=
> eived.<o:p></o:p></p>
> </div>
> <div>
> <div>
> <div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> <div>
> <p class=3D"MsoNormal">On Fri, Feb 10, 2017 at 9:04 AM, David McClellan &lt=
> ;<a href=3D"mailto:[log in to unmask]" target=3D"_blank">[log in to unmask]</a>&gt; wrote:<o:p></o:p></p>
> <blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0i=
> n 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
> <div>
> <p class=3D"MsoNormal">Not to discount the possibility of the account being=
>  compromised, but I'm with Bill Fitzgerald here. I'd check the headers of t=
> he sent mail, I'd be willing to bet the address was spoofed. Maybe have the=
>  recipients of the email forward it
>  back to you to see what you can in the headers? <o:p></o:p></p>
> </div>
> <p class=3D"m9104320700020084147m-2468182713704057239gmailmsg">Good luck,<o=
> :p></o:p></p>
> <div>
> <div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> <div>
> <div>
> <p class=3D"MsoNormal">On Thu, Feb 9, 2017, 18:23 Bill Fitzgerald &lt;<a hr=
> ef=3D"mailto:[log in to unmask]" target=3D"_blank">[log in to unmask]</=
> a>&gt; wrote:<o:p></o:p></p>
> </div>
> <blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0i=
> n 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
> <div>
> <p class=3D"MsoNormal">Also, just so the email address can't be spoofed, ma=
> ke sure that you have SPF, DKIM, and DMARC records set up.<o:p></o:p></p>
> <div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal">Cheers,<o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal">Bill<o:p></o:p></p>
> </div>
> </div>
> <div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> <div>
> <p class=3D"MsoNormal">On Thu, Feb 9, 2017 at 12:55 PM, Scott Grant <span c=
> lass=3D"m9104320700020084147m-2468182713704057239gmailmsg1">
> &lt;<a href=3D"mailto:[log in to unmask]" target=3D"_blank">[log in to unmask]<=
> /a>&gt;</span> wrote:<o:p></o:p></p>
> <blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0i=
> n 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
> <div>
> <p class=3D"MsoNormal">Most of these suggestions assume Google email accoun=
> ts.&nbsp; Here's what I'd suggest to summarize:<o:p></o:p></p>
> <div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal">Disable the account first! (already done)<o:p></o:p>=
> </p>
> </div>
> <div>
> <p class=3D"MsoNormal">Review where the account had been logged into.&nbsp;=
>  Get screen captures of the data.<o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal">Change the password.<o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal">Consider having the user leverage a second-factor fo=
> r authentication.<o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal">Reset sign in cookies as per another suggestion.<o:p=
> ></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal">Run AV on the user's computer(s).<o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal">Ensure a level of password complexity for the new pa=
> ssword.<o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal">Re-enable the account.<o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal">Review their Sent messages and ALL Mail views.&nbsp;=
>  Also ensure they are receiving emails correctly.&nbsp; Sometimes hackers w=
> ill add a rule to GMail&nbsp;to archive all inbound messages.&nbsp; This wa=
> y, the owner doesn't see the delivery failures, etc.<o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal">Verify where they access their email from.&nbsp; Is =
> it from home as well on a different computer?&nbsp; Suggest they run AV the=
> re as well.<o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal">That's the basics. &nbsp;<o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> </div>
> </div>
> <div>
> <div>
> <div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> <div>
> <p class=3D"MsoNormal">On Thu, Feb 9, 2017 at 10:06 AM, Christine Gibson <s=
> pan class=3D"m9104320700020084147m-2468182713704057239gmailmsg1">
> &lt;<a href=3D"mailto:[log in to unmask]" target=3D"_blank">[log in to unmask]<=
> /a>&gt;</span> wrote:<o:p></o:p></p>
> <blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0i=
> n 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
> <div>
> <p class=3D"MsoNormal">I would also suggest that you reset the sign-in cook=
> ies.&nbsp; This will kick out anyone who may have been signed into the acco=
> unt.&nbsp; Simply changing the password does not terminate all current sess=
> ions.&nbsp; You can find the switch to reset the
>  sign-in cookies under Account in the Google Admin Console.<o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><span style=3D"color:#888888"><br clear=3D"all">
> <span class=3D"m9104320700020084147m-2468182713704057239m148401759032975060=
> 3m432645824362608678m-5775518676933508011hoenzb"><o:p></o:p></span></span><=
> /p>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <div>
> <p class=3D"MsoNormal"><b><span style=3D"color:#444444">Christine Gibson<br=
> >
> </span></b><span style=3D"color:#888888"><br>
> </span><b><i><span style=3D"color:#0B5394">PowerSchool Data Manager</span><=
> /i></b><o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><span style=3D"color:#666666">49 Charles Avenue<br>
> Middlebury, VT 05753<br>
> <a href=3D"mailto:[log in to unmask]" target=3D"_blank"><b>[log in to unmask]</=
> b></a><br>
> <a href=3D"tel:(802)%20382-1720" target=3D"_blank">802-382-1720 <(802)%20382-1720></a></span><=
> span style=3D"color:#888888"><o:p></o:p></span></p>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> </div>
> <div>
> <div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> <div>
> <p class=3D"MsoNormal">On Thu, Feb 9, 2017 at 10:01 AM, Raymond Ballou <spa=
> n class=3D"m9104320700020084147m-2468182713704057239gmailmsg1">
> &lt;<a href=3D"mailto:[log in to unmask]" target=3D"_blank">[log in to unmask]
> g</a>&gt;</span> wrote:<o:p></o:p></p>
> <blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0i=
> n 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
> <div>
> <div>
> <div>
> <div>
> <p class=3D"MsoNormal">Edith<o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal">Not sure why it doesn't list change password, but he=
> re are the suggestions from Google.<o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><a href=3D"https://support.google.com/a/answer/29843=
> 49?hl=3Den <https://support.google.com/a/answer/29843=%0D49?hl=3Den>" target=3D"_blank">https://support.google.com/a/answer/2984349?h=
> l=3Den <https://support.google.com/a/answer/2984349?h=%0Dl=3Den></a><o:p></o:p></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><span style=3D"color:#888888"><o:p>&nbsp;</o:p></spa=
> n></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><span style=3D"color:#888888"><o:p>&nbsp;</o:p></spa=
> n></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><span style=3D"color:#888888">R<o:p></o:p></span></p=
> >
> </div>
> </div>
> </div>
> </div>
> <div>
> <div>
> <p class=3D"m9104320700020084147m-2468182713704057239gmailmsg">------------=
> -----------------------------------------------------------<o:p></o:p></p>
> <p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
> ttp://list.uvm.edu/archives/school-it.html" target=3D"_blank">Search
> </a>the SCHOOL-IT Archive<o:p></o:p></p>
> <p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
> ttp://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&amp;A=3D1" target=3D"_blan=
> k">Manage</a> your Subscription to SCHOOL-IT<o:p></o:p></p>
> </div>
> </div>
> </blockquote>
> </div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> </div>
> </div>
> </div>
> <div>
> <div>
> <p class=3D"m9104320700020084147m-2468182713704057239gmailmsg">------------=
> -----------------------------------------------------------<o:p></o:p></p>
> <p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
> ttp://list.uvm.edu/archives/school-it.html" target=3D"_blank">Search
> </a>the SCHOOL-IT Archive<o:p></o:p></p>
> <p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
> ttp://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&amp;A=3D1" target=3D"_blan=
> k">Manage</a> your Subscription to SCHOOL-IT<o:p></o:p></p>
> </div>
> </div>
> </blockquote>
> </div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> </div>
> <p class=3D"m9104320700020084147m-2468182713704057239gmailmsg">------------=
> -----------------------------------------------------------<o:p></o:p></p>
> <p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
> ttp://list.uvm.edu/archives/school-it.html" target=3D"_blank">Search
> </a>the SCHOOL-IT Archive<o:p></o:p></p>
> <p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
> ttp://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&amp;A=3D1" target=3D"_blan=
> k">Manage</a> your Subscription to SCHOOL-IT<o:p></o:p></p>
> </div>
> </div>
> </blockquote>
> </div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> </div>
> <p class=3D"m9104320700020084147m-2468182713704057239gmailmsg">------------=
> -----------------------------------------------------------<o:p></o:p></p>
> <p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
> ttp://list.uvm.edu/archives/school-it.html" target=3D"_blank">Search
> </a>the SCHOOL-IT Archive<o:p></o:p></p>
> <p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
> ttp://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&amp;A=3D1" target=3D"_blan=
> k">Manage</a> your Subscription to SCHOOL-IT<o:p></o:p></p>
> </blockquote>
> </div>
> </div>
> </div>
> <div>
> <p class=3D"MsoNormal"><span style=3D"color:#888888">-- <o:p></o:p></span><=
> /p>
> </div>
> <div>
> <div>
> <div>
> <p class=3D"MsoNormal"><span style=3D"font-size:9.5pt;font-family:&quot;Ari=
> al&quot;,sans-serif;color:#666666">David McClellan</span><span style=3D"fon=
> t-size:9.5pt;font-family:&quot;Arial&quot;,sans-serif;color:#222222"><o:p><=
> /o:p></span></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><span style=3D"font-size:7.5pt;font-family:&quot;Ari=
> al&quot;,sans-serif;color:#666666">Technology Support Specialist</span><spa=
> n style=3D"font-size:9.5pt;font-family:&quot;Arial&quot;,sans-serif;color:#=
> 222222"><o:p></o:p></span></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><span style=3D"font-size:7.5pt;font-family:&quot;Ari=
> al&quot;,sans-serif;color:#666666">Chittenden East Supervisory Union</span>=
> <span style=3D"font-size:9.5pt;font-family:&quot;Arial&quot;,sans-serif;col=
> or:#222222"><o:p></o:p></span></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><span style=3D"font-size:7.5pt;font-family:&quot;Ari=
> al&quot;,sans-serif;color:#666666">Mobile:
> <a href=3D"tel:(802)%20458-7327" target=3D"_blank">(802) 458 - 7327</a></sp=
> an><span style=3D"font-size:9.5pt;font-family:&quot;Arial&quot;,sans-serif;=
> color:#222222"><o:p></o:p></span></p>
> </div>
> <div>
> <p class=3D"MsoNormal"><span style=3D"font-size:7.5pt;font-family:&quot;Ari=
> al&quot;,sans-serif;color:#666666">Backup Mobile:
> <a href=3D"tel:(802)%20448-0329" target=3D"_blank">(802) 448 - 0329</a></sp=
> an><span style=3D"font-size:9.5pt;font-family:&quot;Arial&quot;,sans-serif;=
> color:#222222"><o:p></o:p></span></p>
> </div>
> </div>
> </div>
> <p class=3D"MsoNormal"><span class=3D"m9104320700020084147hoenzb"><span sty=
> le=3D"color:#888888"><o:p>&nbsp;</o:p></span></span></p>
> <p><span style=3D"color:#888888">This e-mail may contain information protec=
> ted under the Family Educational Rights and Privacy Act (FERPA). If this e-=
> mail contains student information and you are not entitled to access such i=
> nformation under FERPA, please notify
>  the sender. Federal regulations require that you destroy this e-mail witho=
> ut reviewing it and you may not forward it to anyone.&nbsp;</span><o:p></o:=
> p></p>
> <div>
> <div>
> <p>-----------------------------------------------------------------------<=
> o:p></o:p></p>
> <p><a href=3D"http://list.uvm.edu/archives/school-it.html" target=3D"_blank=
> ">Search </a>
> the SCHOOL-IT Archive<o:p></o:p></p>
> <p><a href=3D"http://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&amp;A=3D1" =
> target=3D"_blank">Manage</a> your Subscription to SCHOOL-IT<o:p></o:p></p>
> </div>
> </div>
> </blockquote>
> </div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> </div>
> <p>-----------------------------------------------------------------------<=
> o:p></o:p></p>
> <p><a href=3D"http://list.uvm.edu/archives/school-it.html" target=3D"_blank=
> ">Search </a>
> the SCHOOL-IT Archive<o:p></o:p></p>
> <p><a href=3D"http://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&amp;A=3D1" =
> target=3D"_blank">Manage</a> your Subscription to SCHOOL-IT<o:p></o:p></p>
> </div>
> </div>
> </blockquote>
> </div>
> <p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
> </div>
> <p class=3D"MsoNormal"><br>
> <strong><span style=3D"color:#222222">CONFIDENTIALITY NOTE:</span></strong>=
> <span style=3D"color:#222222">&nbsp;The information transmitted, including =
> attachments, is intended only for the person(s) or entity to which it is ad=
> dressed and may contain confidential and/or
>  privileged material. Any review, retransmission, dissemination or other us=
> e of, or taking of any action in reliance upon this information by persons =
> or entities other than the intended recipient is prohibited. If you receive=
> d this in error, please contact
>  the sender and destroy any copies of this information.</span> <o:p></o:p><=
> /p>
> <p>-----------------------------------------------------------------------<=
> o:p></o:p></p>
> <p><a href=3D"http://list.uvm.edu/archives/school-it.html">Search </a>the S=
> CHOOL-IT Archive<o:p></o:p></p>
> <p><a href=3D"http://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&amp;A=3D1">=
> Manage</a> your Subscription to SCHOOL-IT<o:p></o:p></p>
> </div>
> </body>
> </html>
> <p>-----------------------------------------------------------------------<=
> /p>
> <p><A HREF=3D"http://list.uvm.edu/archives/school-it.html"> Search </a> the=
>   SCHOOL-IT Archive</p>
> <p><A HREF=3D"http://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&A=3D1"> Man=
> age</a> your Subscription to SCHOOL-IT</p>
> --_000_f41eadc420624eaaac2188dfbdf1c2f2WCSUMAIL13U32ORG_--
>
>
> On Fri, Feb 10, 2017 at 11:05 AM Robert Carter <[log in to unmask]> wrote:
>
> To add to the conversation, the part to look at with your message is the
> flow
>
>
>
> Return-Path: <crobert[log in to unmask]>
>
> Received: from mail-yw0-x244.google.com (mail-yw0-x244.google.com. [2607:f8b0:4002:c05::244])
>
>         by mx.google.com with ESMTPS id p193si504832ybg.263.2017.02.09.05.36.05
>
>         for <[log in to unmask]>
>
>         (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
>
>         Thu, 09 Feb 2017 05:36:05 -0800 (PST)
>
> Received-SPF: neutral (google.com: 2607:f8b0:4002:c05::244 is neither permitted nor denied by best guess record for domain of [log in to unmask]) client-ip=2607:f8b0:4002:c05::244;
>
> Authentication-Results: mx.google.com;
>
>
>
> On quick review, this message was never outside of googles mail servers
> (as someone already pointed out) based on the receiving server and
> authenticating server
>
>
>
> Authentication-Results: mx.google.com;
>
>        dkim=pass [log in to unmask];
>
>
>
> To me, it looks like someone gained access to the users account
> credentials and sent the email as if they were the user through either
> Gmail direct or a client-side mail program. I would advise you to set up
> both your MX and SPF records with your DNS provider as it looks like you
> don’t currently have this configured and could be spoofed (mail sent to
> others as if it originated by a user in your domain). Hope this helps.
>
>
>
> Rob Carter
>
> WCSU Technology
>
>
>
>
>
> *From:* School Information Technology Discussion [mailto:
> [log in to unmask]] *On Behalf Of *Edith Fogarty
> *Sent:* Friday, February 10, 2017 9:43 AM
> *To:* [log in to unmask]
> *Subject:* Re: Suggestions for rogue emails
>
>
>
> Forgive my ignorance, but what can I tell from the headers?  I can
> honestly say that I don't even know what part is the "header."  Below is
> what I received.
>
>
>
> Delivered-To: [log in to unmask]
>
> Received: by 10.157.12.155 with SMTP id b27csp265855otb;
>
>         Thu, 9 Feb 2017 05:36:05 -0800 (PST)
>
> X-Received: by 10.129.118.77 with SMTP id j13mr2242697ywk.270.1486647365266;
>
>         Thu, 09 Feb 2017 05:36:05 -0800 (PST)
>
> Return-Path: <[log in to unmask]>
>
> Received: from mail-yw0-x244.google.com (mail-yw0-x244.google.com. [2607:f8b0:4002:c05::244])
>
>         by mx.google.com with ESMTPS id p193si504832ybg.263.2017.02.09.05.36.05
>
>         for <[log in to unmask]>
>
>         (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
>
>         Thu, 09 Feb 2017 05:36:05 -0800 (PST)
>
> Received-SPF: neutral (google.com: 2607:f8b0:4002:c05::244 is neither permitted nor denied by best guess record for domain of [log in to unmask]) client-ip=2607:f8b0:4002:c05::244;
>
> --

Larry Dougher
CIO
Windsor Southeast SU