I agree with everyone about the importance of SPF and DKIM, it really helps with spoofing. And it is not that hard to do.


On Fri, Feb 10, 2017, 1:42 PM Michael Norkun <[log in to unmask]> wrote:
You could do a bit more detective work and look at the original message to get some clues. 
here is the previous email's original state...

While that may look like gibberish, there is a world of information in there. 
Right from the get go you see my email, gmail servers i used to get this...two of them....etc. The header just shows you who what when where of the SMTP. 

Below I get more google info about how this message was rated, in terms of spam phising...etc. What the SPF rating was/is along the way. 
Basically the header gives me info about who sent it and how google...or whichever mail server, dealt with it. If it was part of a spoof you'd get clues in here. 

It seems like you took the first steps of suspending the account. Definitely log them out of everywhere, all apps, all instances of chrome, gSuite...etc, clear caches and cookies, but clear them to a log that you can analyze. Then take a look at the users primary machine network logs, or you own network logs to see if ti was compromised at school. If not, the user may have been compromised outside of school. It look like the user  put their email and or password in somewhere they shouldn't  have. Or left them selves logged in for someone else to get. Either way their account needs some attention. 

Good luck. 


Delivered-To: [log in to unmask]
Received: by 10.157.6.130 with SMTP id 2csp523596otx;
        Fri, 10 Feb 2017 08:05:32 -0800 (PST)
X-Received: by 10.159.38.229 with SMTP id 92mr5022228uay.102.1486742732552;
        Fri, 10 Feb 2017 08:05:32 -0800 (PST)
Return-Path: <owner-school-it*michael*-norkun**WNESU*-[log in to unmask]>
Received: from list1.uvm.edu (list1.uvm.edu. [2620:104:e001:1001::8f])
        by mx.google.com with ESMTPS id w184si632693vkf.224.2017.02.10.08.05.32
        for <[log in to unmask]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 10 Feb 2017 08:05:32 -0800 (PST)
Received-SPF: pass (google.com: domain of owner-school-it*michael*-norkun**wnesu*-[log in to unmask] designates 2620:104:e001:1001::8f as permitted sender) client-ip=2620:104:e001:1001::8f;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of owner-school-it*michael*-norkun**wnesu*-[log in to unmask] designates 2620:104:e001:1001::8f as permitted sender) smtp.mailfrom=owner-school-it*michael*-norkun**WNESU*-[log in to unmask]
Received: from list.uvm.edu (localhost [127.0.0.1]) by list1.uvm.edu (8.14.4/8.14.4) with ESMTP id v1AFoTqH027299 for <[log in to unmask]>; Fri, 10 Feb 2017 11:05:31 -0500
Received: by LIST.UVM.EDU (LISTSERV-TCP/IP release 16.0) with spool id
          208844603 for [log in to unmask]; Fri, 10 Feb 2017 11:05:07 -0500
Precedence: bulk
Received: from plover.in-mail.uvm.edu (plover.in-mail.uvm.edu
          [132.198.101.207]) by list1.uvm.edu (8.14.4/8.14.4) with ESMTP id
          v1AG3sC1016479 for <[log in to unmask]>; Fri, 10 Feb 2017
          11:03:54 -0500
Received: from mail2.u32.org (mail2.u32.org [207.136.231.28]) by
          plover.in-mail.uvm.edu (8.14.7/8.14.7) with ESMTP id v1AG3rID161828
          (version=TLSv1/SSLv3 cipher=RC4-SHA bits=112 verify=OK) for
          <[log in to unmask]>; Fri, 10 Feb 2017 11:03:54 -0500
Received: from WCSUMAIL13.U32.ORG (192.168.0.4) by WCSUMAIL13.U32.ORG
          (192.168.0.4) with Microsoft SMTP Server (TLS) id 15.0.775.38; Fri,
          10 Feb 2017 11:03:34 -0500
Received: from WCSUMAIL13.U32.ORG ([fe80::c053:25a2:b54c:c91]) by
          WCSUMAIL13.U32.ORG ([fe80::c053:25a2:b54c:c91%16]) with mapi id
          15.00.0775.031; Fri, 10 Feb 2017 11:03:34 -0500
Thread-Topic: Suggestions for rogue emails
Thread-Index: AQHSguPwyrrDDyL11ECy5WWG1/kMK6FhF7AAgAABGICAAAGKgIAAYV+AgAApVgCAAPYUgIAAAm8AgAAIbAD//79qEA==
References: <CADnZ-RUj10uR+Za4L-y4kKEUSXPyHwp5g8v+N4+zpB-=[log in to unmask]>
            <CAE_JdWc+vN1xx=[log in to unmask]>
            <CAEhF4cCV6LQdp0qLNF=[log in to unmask]>
            <[log in to unmask]>
            <CAF9e=[log in to unmask]>
            <CA+xCPG5wXBMdDQVqo4E711oqXsfbAN+=[log in to unmask]>
            <[log in to unmask]>
            <CAF9e=[log in to unmask]>
            <CADnZ-RURExFDW2V+vYDU_kKg0Ej05D4pG7TTaL2+r1WJJZu6=[log in to unmask]>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [192.168.0.106]
Content-Type: multipart/alternative; boundary="_000_f41eadc420624eaaac2188dfbdf1c2f2WCSUMAIL13U32ORG_"
MIME-Version: 1.0
X-PureMessage-Version: 6.3.1.2588712, Antispam-Engine: 2.7.2.2107409,
                       Antispam-Data: 2017.2.10.155417
X-PMX-DKIM: none
X-PureMessage-Spam: Gauge=IIIIIIIII, Probability=9%,
                    Report=' FRAUD_ATTACH 0.05, HTML_00_01 0.05,
                    HTML_00_10 0.05, KNOWN_FREEWEB_URI 0.05,
                    SUPERLONG_LINE 0.05, BODYTEXTH_SIZE_3000_MORE 0,
                    BODY_SIZE_10000_PLUS 0, ECARD_KNOWN_DOMAINS 0, IN_REP_TO 0,
                    LEGITIMATE_SIGNS 0, MSG_THREAD 0, REFERENCES 0,
                    WEBMAIL_SOURCE 0, WEBMAIL_XOIP 0, WEBMAIL_X_IP_HDR 0,
                    __ANY_URI 0, __BOUNCE_CHALLENGE_SUBJ 0,
                    __BOUNCE_NDR_SUBJ_EXEMPT 0, __C230066_P5 0,
                    __CP_URI_IN_BODY 0, __CT 0, __CTYPE_HAS_BOUNDARY 0,
                    __CTYPE_MULTIPART 0, __CTYPE_MULTIPART_ALT 0,
                    __FRAUD_CONTACT_NUM 0, __FRAUD_MONEY_BIG_COIN 0,
                    __FRAUD_MONEY_BIG_COIN_DIG 0, __HAS_FROM 0, __HAS_MSGID 0,
                    __HAS_XOIP 0, __HTTPS_URI 0, __IN_REP_TO 0,
                    __KNOWN_FREEWEB_URI3 0, __MIME_HTML 0, __MIME_TEXT_H 0,
                    __MIME_TEXT_H1 0, __MIME_TEXT_H2 0, __MIME_TEXT_P 0,
                    __MIME_TEXT_P1 0, __MIME_TEXT_P2 0, __MIME_VERSION 0,
                    __MSGID_32HEX 0, __MULTIPLE_URI_TEXT 0, __PHISH_PHRASE2 0,
                    __PHISH_PHRASE3 0, __PHISH_SPEAR_PASSWORD_2 0,
                    __PHISH_SPEAR_REASONS 0, __REFERENCES 0, __SANE_MSGID 0,
                    __STOCK_PHRASE_24 0, __STOCK_PHRASE_7 0,
                    __SUBJ_ALPHA_END 0, __SUBJ_ALPHA_NEGATE 0,
                    __TO_MALFORMED_2 0, __TO_NAME 0, __TO_NAME_DIFF_FROM_ACC 0,
                    __TO_REAL_NAMES 0, __URI_IN_BODY 0, __URI_NO_WWW 0,
                    __URI_NS , __URI_WITH_PATH 0'
Message-ID: <[log in to unmask]>
Date: Fri, 10 Feb 2017 16:03:34 +0000
Reply-To: School Information Technology Discussion <[log in to unmask]>
Sender: School Information Technology Discussion <[log in to unmask]>
From: Robert Carter <[log in to unmask]>
Subject: Re: Suggestions for rogue emails
To: [log in to unmask]
In-Reply-To: <CADnZ-RURExFDW2V+vYDU_kKg0Ej05D4pG7TTaL2+r1WJJZu6=[log in to unmask]>
List-Help: <http://list.uvm.edu/cgi-bin/wa?LIST=SCHOOL-IT>,
           <mailto:[log in to unmask]?body=INFO%20SCHOOL-IT>
List-Unsubscribe: <mailto:[log in to unmask]>
List-Subscribe: <mailto:[log in to unmask]>
List-Owner: <mailto:[log in to unmask]>
List-Archive: <http://list.uvm.edu/cgi-bin/wa?LIST=SCHOOL-IT>

--_000_f41eadc420624eaaac2188dfbdf1c2f2WCSUMAIL13U32ORG_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

VG8gYWRkIHRvIHRoZSBjb252ZXJzYXRpb24sIHRoZSBwYXJ0IHRvIGxvb2sgYXQgd2l0aCB5b3Vy
IG1lc3NhZ2UgaXMgdGhlIGZsb3cNCg0KDQpSZXR1cm4tUGF0aDogPGNyb2JlcnRzQGJlc2Nob29s
Lm9yZzxtYWlsdG86Y3JvYmVydHNAYmVzY2hvb2wub3JnPj4NCg0KUmVjZWl2ZWQ6IGZyb20gbWFp
bC15dzAteDI0NC5nb29nbGUuY29tPGh0dHA6Ly9tYWlsLXl3MC14MjQ0Lmdvb2dsZS5jb20+ICht
YWlsLXl3MC14MjQ0Lmdvb2dsZS5jb208aHR0cDovL21haWwteXcwLXgyNDQuZ29vZ2xlLmNvbT4u
IFsyNjA3OmY4YjA6NDAwMjpjMDU6OjI0NF0pDQoNCiAgICAgICAgYnkgbXguZ29vZ2xlLmNvbTxo
dHRwOi8vbXguZ29vZ2xlLmNvbT4gd2l0aCBFU01UUFMgaWQgcDE5M3NpNTA0ODMyeWJnLjI2My4y
MDE3LjAyLjA5LjA1LjM2LjA1DQoNCiAgICAgICAgZm9yIDxlZm9nYXJ0eUBiZXNjaG9vbC5vcmc8
bWFpbHRvOmVmb2dhcnR5QGJlc2Nob29sLm9yZz4+DQoNCiAgICAgICAgKHZlcnNpb249VExTMV8y
IGNpcGhlcj1FQ0RIRS1SU0EtQUVTMTI4LUdDTS1TSEEyNTYgYml0cz0xMjgvMTI4KTsNCg0KICAg
ICAgICBUaHUsIDA5IEZlYiAyMDE3IDA1OjM2OjA1IC0wODAwIChQU1QpDQoNClJlY2VpdmVkLVNQ
RjogbmV1dHJhbCAoZ29vZ2xlLmNvbTxodHRwOi8vZ29vZ2xlLmNvbT46IDI2MDc6ZjhiMDo0MDAy
OmMwNTo6MjQ0IGlzIG5laXRoZXIgcGVybWl0dGVkIG5vciBkZW5pZWQgYnkgYmVzdCBndWVzcyBy
ZWNvcmQgZm9yIGRvbWFpbiBvZiBjcm9iZXJ0c0BiZXNjaG9vbC5vcmc8bWFpbHRvOmNyb2JlcnRz
QGJlc2Nob29sLm9yZz4pIGNsaWVudC1pcD0yNjA3OmY4YjA6NDAwMjpjMDU6OjI0NDsNCg0KQXV0
aGVudGljYXRpb24tUmVzdWx0czogbXguZ29vZ2xlLmNvbTxodHRwOi8vbXguZ29vZ2xlLmNvbT47
DQoNCk9uIHF1aWNrIHJldmlldywgdGhpcyBtZXNzYWdlIHdhcyBuZXZlciBvdXRzaWRlIG9mIGdv
b2dsZXMgbWFpbCBzZXJ2ZXJzIChhcyBzb21lb25lIGFscmVhZHkgcG9pbnRlZCBvdXQpIGJhc2Vk
IG9uIHRoZSByZWNlaXZpbmcgc2VydmVyIGFuZCBhdXRoZW50aWNhdGluZyBzZXJ2ZXINCg0KDQpB
dXRoZW50aWNhdGlvbi1SZXN1bHRzOiBteC5nb29nbGUuY29tPGh0dHA6Ly9teC5nb29nbGUuY29t
PjsNCg0KICAgICAgIGRraW09cGFzcyBoZWFkZXIuaT1AYmVzY2hvb2wtb3JnLjIwMTUwNjIzLmdh
cHBzc210cC5jb208aHR0cDovL2Jlc2Nob29sLW9yZy4yMDE1MDYyMy5nYXBwc3NtdHAuY29tPjsN
Cg0KVG8gbWUsIGl0IGxvb2tzIGxpa2Ugc29tZW9uZSBnYWluZWQgYWNjZXNzIHRvIHRoZSB1c2Vy
cyBhY2NvdW50IGNyZWRlbnRpYWxzIGFuZCBzZW50IHRoZSBlbWFpbCBhcyBpZiB0aGV5IHdlcmUg
dGhlIHVzZXIgdGhyb3VnaCBlaXRoZXIgR21haWwgZGlyZWN0IG9yIGEgY2xpZW50LXNpZGUgbWFp
bCBwcm9ncmFtLiBJIHdvdWxkIGFkdmlzZSB5b3UgdG8gc2V0IHVwIGJvdGggeW91ciBNWCBhbmQg
U1BGIHJlY29yZHMgd2l0aCB5b3VyIEROUyBwcm92aWRlciBhcyBpdCBsb29rcyBsaWtlIHlvdSBk
b27igJl0IGN1cnJlbnRseSBoYXZlIHRoaXMgY29uZmlndXJlZCBhbmQgY291bGQgYmUgc3Bvb2Zl
ZCAobWFpbCBzZW50IHRvIG90aGVycyBhcyBpZiBpdCBvcmlnaW5hdGVkIGJ5IGEgdXNlciBpbiB5
b3VyIGRvbWFpbikuIEhvcGUgdGhpcyBoZWxwcy4NCg0KUm9iIENhcnRlcg0KV0NTVSBUZWNobm9s
b2d5DQoNCg0KRnJvbTogU2Nob29sIEluZm9ybWF0aW9uIFRlY2hub2xvZ3kgRGlzY3Vzc2lvbiBb
bWFpbHRvOlNDSE9PTC1JVEBsaXN0LnV2bS5lZHVdIE9uIEJlaGFsZiBPZiBFZGl0aCBGb2dhcnR5
DQpTZW50OiBGcmlkYXksIEZlYnJ1YXJ5IDEwLCAyMDE3IDk6NDMgQU0NClRvOiBTQ0hPT0wtSVRA
TElTVC5VVk0uRURVDQpTdWJqZWN0OiBSZTogU3VnZ2VzdGlvbnMgZm9yIHJvZ3VlIGVtYWlscw0K
DQpGb3JnaXZlIG15IGlnbm9yYW5jZSwgYnV0IHdoYXQgY2FuIEkgdGVsbCBmcm9tIHRoZSBoZWFk
ZXJzPyAgSSBjYW4gaG9uZXN0bHkgc2F5IHRoYXQgSSBkb24ndCBldmVuIGtub3cgd2hhdCBwYXJ0
IGlzIHRoZSAiaGVhZGVyLiIgIEJlbG93IGlzIHdoYXQgSSByZWNlaXZlZC4NCg0KDQpEZWxpdmVy
ZWQtVG86IGVmb2dhcnR5QGJlc2Nob29sLm9yZzxtYWlsdG86ZWZvZ2FydHlAYmVzY2hvb2wub3Jn
Pg0KDQpSZWNlaXZlZDogYnkgMTAuMTU3LjEyLjE1NSB3aXRoIFNNVFAgaWQgYjI3Y3NwMjY1ODU1
b3RiOw0KDQogICAgICAgIFRodSwgOSBGZWIgMjAxNyAwNTozNjowNSAtMDgwMCAoUFNUKQ0KDQpY
LVJlY2VpdmVkOiBieSAxMC4xMjkuMTE4Ljc3IHdpdGggU01UUCBpZCBqMTNtcjIyNDI2OTd5d2su
MjcwLjE0ODY2NDczNjUyNjY7DQoNCiAgICAgICAgVGh1LCAwOSBGZWIgMjAxNyAwNTozNjowNSAt
MDgwMCAoUFNUKQ0KDQpSZXR1cm4tUGF0aDogPGNyb2JlcnRzQGJlc2Nob29sLm9yZzxtYWlsdG86
Y3JvYmVydHNAYmVzY2hvb2wub3JnPj4NCg0KUmVjZWl2ZWQ6IGZyb20gbWFpbC15dzAteDI0NC5n
b29nbGUuY29tPGh0dHA6Ly9tYWlsLXl3MC14MjQ0Lmdvb2dsZS5jb20+IChtYWlsLXl3MC14MjQ0
Lmdvb2dsZS5jb208aHR0cDovL21haWwteXcwLXgyNDQuZ29vZ2xlLmNvbT4uIFsyNjA3OmY4YjA6
NDAwMjpjMDU6OjI0NF0pDQoNCiAgICAgICAgYnkgbXguZ29vZ2xlLmNvbTxodHRwOi8vbXguZ29v
Z2xlLmNvbT4gd2l0aCBFU01UUFMgaWQgcDE5M3NpNTA0ODMyeWJnLjI2My4yMDE3LjAyLjA5LjA1
LjM2LjA1DQoNCiAgICAgICAgZm9yIDxlZm9nYXJ0eUBiZXNjaG9vbC5vcmc8bWFpbHRvOmVmb2dh
cnR5QGJlc2Nob29sLm9yZz4+DQoNCiAgICAgICAgKHZlcnNpb249VExTMV8yIGNpcGhlcj1FQ0RI
RS1SU0EtQUVTMTI4LUdDTS1TSEEyNTYgYml0cz0xMjgvMTI4KTsNCg0KICAgICAgICBUaHUsIDA5
IEZlYiAyMDE3IDA1OjM2OjA1IC0wODAwIChQU1QpDQoNClJlY2VpdmVkLVNQRjogbmV1dHJhbCAo
Z29vZ2xlLmNvbTxodHRwOi8vZ29vZ2xlLmNvbT46IDI2MDc6ZjhiMDo0MDAyOmMwNTo6MjQ0IGlz
IG5laXRoZXIgcGVybWl0dGVkIG5vciBkZW5pZWQgYnkgYmVzdCBndWVzcyByZWNvcmQgZm9yIGRv
bWFpbiBvZiBjcm9iZXJ0c0BiZXNjaG9vbC5vcmc8bWFpbHRvOmNyb2JlcnRzQGJlc2Nob29sLm9y
Zz4pIGNsaWVudC1pcD0yNjA3OmY4YjA6NDAwMjpjMDU6OjI0NDsNCg0KQXV0aGVudGljYXRpb24t
UmVzdWx0czogbXguZ29vZ2xlLmNvbTxodHRwOi8vbXguZ29vZ2xlLmNvbT47DQoNCiAgICAgICBk
a2ltPXBhc3MgaGVhZGVyLmk9QGJlc2Nob29sLW9yZy4yMDE1MDYyMy5nYXBwc3NtdHAuY29tPGh0
dHA6Ly9iZXNjaG9vbC1vcmcuMjAxNTA2MjMuZ2FwcHNzbXRwLmNvbT47DQoNCiAgICAgICBzcGY9
bmV1dHJhbCAoZ29vZ2xlLmNvbTxodHRwOi8vZ29vZ2xlLmNvbT46IDI2MDc6ZjhiMDo0MDAyOmMw
NTo6MjQ0IGlzIG5laXRoZXIgcGVybWl0dGVkIG5vciBkZW5pZWQgYnkgYmVzdCBndWVzcyByZWNv
cmQgZm9yIGRvbWFpbiBvZiBjcm9iZXJ0c0BiZXNjaG9vbC5vcmc8bWFpbHRvOmNyb2JlcnRzQGJl
c2Nob29sLm9yZz4pIHNtdHAubWFpbGZyb209Y3JvYmVydHNAYmVzY2hvb2wub3JnPG1haWx0bzpj
cm9iZXJ0c0BiZXNjaG9vbC5vcmc+DQoNClJlY2VpdmVkOiBieSBtYWlsLXl3MC14MjQ0Lmdvb2ds
ZS5jb208aHR0cDovL21haWwteXcwLXgyNDQuZ29vZ2xlLmNvbT4gd2l0aCBTTVRQIGlkIHU2OHNv
Mjg0NDAyeXdnLjANCg0KICAgICAgICBmb3IgPGVmb2dhcnR5QGJlc2Nob29sLm9yZzxtYWlsdG86
ZWZvZ2FydHlAYmVzY2hvb2wub3JnPj47IFRodSwgMDkgRmViIDIwMTcgMDU6MzY6MDUgLTA4MDAg
KFBTVCkNCg0KREtJTS1TaWduYXR1cmU6IHY9MTsgYT1yc2Etc2hhMjU2OyBjPXJlbGF4ZWQvcmVs
YXhlZDsNCg0KICAgICAgICBkPWJlc2Nob29sLW9yZy4yMDE1MDYyMy5nYXBwc3NtdHAuY29tPGh0
dHA6Ly9iZXNjaG9vbC1vcmcuMjAxNTA2MjMuZ2FwcHNzbXRwLmNvbT47IHM9MjAxNTA2MjM7DQoN
CiAgICAgICAgaD1taW1lLXZlcnNpb246ZnJvbTpkYXRlOm1lc3NhZ2UtaWQ6c3ViamVjdDp0bzsN
Cg0KICAgICAgICBiaD1wOFE0bW1SK1psb1B0OU14VEZVNEQwQks1TkVFNzIwaTJBelBaaFlzNXRz
PTsNCg0KICAgICAgICBiPXN0ODdUWEYvWnhMY1c3a0lRWm4rc0JQNENkd2NQanhER3ptZTliYXUz
Tk1Pd0FOVEJJckRlTS85d0RqVlpSMmtuVw0KDQogICAgICAgICBTYklST0Z2SXRSbU9vMnN2US9q
WGROQXU4cjE3eE0wQS8wemlvWDU4UGRPUkkvbXFTUjlab2crYjlveStqbzVLVUFuZA0KDQogICAg
ICAgICBzWDV2eGNXOEdlYzRhK0xzNGVxS1MrV3NSRHVnWVpJcUtqRng0TlFSNWtzRFp2VldObWgx
Nml6QjBUR2xPSUFTK0NPNw0KDQogICAgICAgICBadHAyUDE3dkk5VE95OUhhU1ZWTnZOeWlRWk81
RnF3a0xkcHJkcmp5MFVxS2pBYU03eWpnSVUxYjdxUUxleUhEdi9Mbg0KDQogICAgICAgICBzSGI5
eU0vV0dDNFhQRXByVW1sOUQza2VZVTI1TU1zdU9DZE40dlE5N3RLT2tDVlBxY0hGbmlwVWM3Rmln
MTltcWlHNA0KDQogICAgICAgICBHVS9BPT0NCg0KWC1Hb29nbGUtREtJTS1TaWduYXR1cmU6IHY9
MTsgYT1yc2Etc2hhMjU2OyBjPXJlbGF4ZWQvcmVsYXhlZDsNCg0KICAgICAgICBkPTFlMTAwLm5l
dDxodHRwOi8vMWUxMDAubmV0Pjsgcz0yMDE2MTAyNTsNCg0KICAgICAgICBoPXgtZ20tbWVzc2Fn
ZS1zdGF0ZTptaW1lLXZlcnNpb246ZnJvbTpkYXRlOm1lc3NhZ2UtaWQ6c3ViamVjdDp0bzsNCg0K
ICAgICAgICBiaD1wOFE0bW1SK1psb1B0OU14VEZVNEQwQks1TkVFNzIwaTJBelBaaFlzNXRzPTsN
Cg0KICAgICAgICBiPWdEZ0FuSGg3c2VXNS9acGtOWkgydEpHaVJzRGtBcWt5Q2FsZnNNK1h5Vi8z
RlNrK0MxSGs4OExBS1B1R2hoZG95RA0KDQogICAgICAgICA5Mk9qd3RvbldLckdkQTBRbEFuWjZ4
bTdLaSsrMjFRazFIamlHc2dmc3hudFFiOWMydHk5OWs2bE5YL0JLdU9ZQXo5Yg0KDQogICAgICAg
ICBTeUdSL01qSlBQRlYrMXR0SjVkUFc5bll0SG9JSkF3YkZ4TTE1bXU4aTVkMGFYQm5qSWp2bndI
aWMzekF3aFU2YTFwSw0KDQogICAgICAgICB6YXhKdWhwL0IxcmJlQUhDQWhOZVF4TmxpUlFpclBS
SW1ZVThJRnVmMGkxL09IUXdEY2FLSU0xY1cxQmlTV2wzUmVqNQ0KDQogICAgICAgICA1R2Z1Y0pi
VXBQbU55bzAvZElvYWtnSjRBS29LY0F1NUlsQ2o1d3R1dmxqSklCMGZvWGZnTlEvWkg4VmU5a0Iw
Q05mZw0KDQogICAgICAgICBKaTRRPT0NCg0KWC1HbS1NZXNzYWdlLVN0YXRlOiBBTWtlMzltZVJL
clFJbEJDaS9iMXRkK0hQS2oxTE5tbzZmQVJBZm5neTBRS2E0UUJSZ2xKSzM3bWFTcDY3Q1p2Ukcz
alVWY295ZlBxL0NpK0F4aCtrN2NQYkdvPQ0KDQpYLVJlY2VpdmVkOiBieSAxMC4xMjkuMTUyLjc3
IHdpdGggU01UUCBpZCBwNzRtcjIwNjQzMjB5d2cuMTc3LjE0ODY2NDczNjQ2MTE7IFRodSwgMDkg
RmViIDIwMTcgMDU6MzY6MDQgLTA4MDAgKFBTVCkNCg0KTUlNRS1WZXJzaW9uOiAxLjANCg0KUmVj
ZWl2ZWQ6IGJ5IDEwLjM3LjEyMy43IHdpdGggSFRUUDsgVGh1LCA5IEZlYiAyMDE3IDA1OjM2OjAx
IC0wODAwIChQU1QpDQoNCkZyb206IENhdGh5IFJvYmVydHMgPGNyb2JlcnRzQGJlc2Nob29sLm9y
ZzxtYWlsdG86Y3JvYmVydHNAYmVzY2hvb2wub3JnPj4NCg0KRGF0ZTogVGh1LCA5IEZlYiAyMDE3
IDA1OjM2OjAxIC0wODAwDQoNCk1lc3NhZ2UtSUQ6IDxDQVB3K0ppSnV1QU94dTA3bktPOUt1RHpL
REViWWthc05GQnRvU010UlpfaEN0TEp6dmdAbWFpbC5nbWFpbC5jb208bWFpbHRvOkNBUHclMkJK
aUp1dUFPeHUwN25LTzlLdUR6S0RFYllrYXNORkJ0b1NNdFJaX2hDdExKenZnQG1haWwuZ21haWwu
Y29tPj4NCg0KU3ViamVjdDogU2VjdXJlZCBNZXNzYWdlDQoNClRvOiB1bmRpc2Nsb3NlZC1yZWNp
cGllbnRzOjsNCg0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvbWl4ZWQ7IGJvdW5kYXJ5PTk0ZWIy
YzBiYmY1NjEzNDc5MDA1NDgxOTEwZmMNCg0KQmNjOiBlZm9nYXJ0eUBiZXNjaG9vbC5vcmc8bWFp
bHRvOmVmb2dhcnR5QGJlc2Nob29sLm9yZz4NCg0KDQoNCi0tOTRlYjJjMGJiZjU2MTM0NzkwMDU0
ODE5MTBmYw0KDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2ZTsgYm91bmRhcnk9
OTRlYjJjMGJiZjU2MTM0NzhiMDU0ODE5MTBmYQ0KDQoNCg0KLS05NGViMmMwYmJmNTYxMzQ3OGIw
NTQ4MTkxMGZhDQoNCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD1VVEYtOA0KDQoN
Cg0KUGxlYXNlIHNlZSBhdHRhY2hlZCBkb2N1bWVudCBmb3IgeW91ciByZXZpZXcuDQoNCg0KDQoN
Cg0KVGhhbmtzDQoNCg0KDQotLTk0ZWIyYzBiYmY1NjEzNDc4YjA1NDgxOTEwZmENCg0KQ29udGVu
dC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCg0KQ29udGVudC1UcmFuc2Zlci1FbmNv
ZGluZzogcXVvdGVkLXByaW50YWJsZQ0KDQoNCg0KPGRpdiBkaXI9M0QibHRyIj48c3BhbiBzdHls
ZT0zRCJmb250LXNpemU6MTIuOHB4O2xpbmUtaGVpZ2h0Om5vcm1hbCI+UGxlYXNlPQ0KDQogc2Vl
IGF0dGFjaGVkIGRvY3VtZW50IGZvciB5b3VyIHJldmlldy48L3NwYW4+PGJyIHN0eWxlPTNEImZv
bnQtc2l6ZToxMi44cHg9DQoNCjtsaW5lLWhlaWdodDpub3JtYWwiPjxiciBzdHlsZT0zRCJmb250
LXNpemU6MTIuOHB4O2xpbmUtaGVpZ2h0Om5vcm1hbCI+PGJyID0NCg0Kc3R5bGU9M0QiZm9udC1z
aXplOjEyLjhweDtsaW5lLWhlaWdodDpub3JtYWwiPjxzcGFuIHN0eWxlPTNEImZvbnQtc2l6ZTox
Mi44PQ0KDQpweDtsaW5lLWhlaWdodDpub3JtYWwiPlRoYW5rczwvc3Bhbj48YnI+PC9kaXY+DQoN
Cg0KDQotLTk0ZWIyYzBiYmY1NjEzNDc4YjA1NDgxOTEwZmEtLQ0KDQotLTk0ZWIyYzBiYmY1NjEz
NDc5MDA1NDgxOTEwZmMNCg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZGY7IG5hbWU9IkRv
Y3VtZW50MjAxNy0wOS0wMi0wNzUwNTUucGRmIg0KDQpDb250ZW50LURpc3Bvc2l0aW9uOiBhdHRh
Y2htZW50OyBmaWxlbmFtZT0iRG9jdW1lbnQyMDE3LTA5LTAyLTA3NTA1NS5wZGYiDQoNCkNvbnRl
bnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0KDQpYLUF0dGFjaG1lbnQtSWQ6IGZfaXl5ZmZy
MHQwDQoNCg0KDQoNCg0KLS05NGViMmMwYmJmNTYxMzQ3OTAwNTQ4MTkxMGZjLS0NCg0KRWRpdGgg
Rm9nYXJ0eQ0KVGVjaG5vbG9neSBJbnRlZ3JhdGlvbiBGYWNpbGl0YXRvcg0KQnJhZGZvcmQgRWxl
bWVudGFyeSBTY2hvb2wNCjE0MyBGYWlyZ3JvdW5kIFJkDQpCcmFkZm9yZCwgVlQgMDUwMzMNCjgw
Mi4yMjIuNDA3NyB4MjgxDQo4MDIuMjIyLjUxOTYgZmF4DQpbaHR0cHM6Ly9kb2NzLmdvb2dsZS5j
b20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTBCLTJCU29sNFRPTzlVVEF0TWtFNU1tWkpRVlUmcmV2
aWQ9MEItMkJTb2w0VE9POU5XSlVObTh6YzFWalUxWm1Vak5KV21GcGQyTkNOV041YzBFd1BRXSBb
aHR0cHM6Ly9kb2NzLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTBCLTJCU29sNFRP
TzlVekJUTjNkT2JWaFdRMWsmcmV2aWQ9MEItMkJTb2w0VE9POVpFWTVNRzl5YTBrd2MxcDFRa3RT
UjNsR2MyWXlUSEV3SzJvMFBRXQ0KDQpPbiBGcmksIEZlYiAxMCwgMjAxNyBhdCA5OjEyIEFNLCBT
Y290dCBHcmFudCA8c2dyYW50QGFud3N1Lm9yZzxtYWlsdG86c2dyYW50QGFud3N1Lm9yZz4+IHdy
b3RlOg0KQWdyZWVkLiAgSSd2ZSBzZWVuIHRoYXQgYWN0dWFsbHkgbW9yZSBvZnRlbi4gIEJlIHN1
cmUgdG8gcG9pbnQgb3V0IHRoYXQgeW91IG5lZWQgdGhlIGhlYWRlcnMgb2YgdGhlIG9yaWdpbmFs
IHRoZXkgcmVjZWl2ZWQuDQoNCk9uIEZyaSwgRmViIDEwLCAyMDE3IGF0IDk6MDQgQU0sIERhdmlk
IE1jQ2xlbGxhbiA8ZGF2aWQubWNjbGVsbGFuQGNlc3V2dC5vcmc8bWFpbHRvOmRhdmlkLm1jY2xl
bGxhbkBjZXN1dnQub3JnPj4gd3JvdGU6DQpOb3QgdG8gZGlzY291bnQgdGhlIHBvc3NpYmlsaXR5
IG9mIHRoZSBhY2NvdW50IGJlaW5nIGNvbXByb21pc2VkLCBidXQgSSdtIHdpdGggQmlsbCBGaXR6
Z2VyYWxkIGhlcmUuIEknZCBjaGVjayB0aGUgaGVhZGVycyBvZiB0aGUgc2VudCBtYWlsLCBJJ2Qg
YmUgd2lsbGluZyB0byBiZXQgdGhlIGFkZHJlc3Mgd2FzIHNwb29mZWQuIE1heWJlIGhhdmUgdGhl
IHJlY2lwaWVudHMgb2YgdGhlIGVtYWlsIGZvcndhcmQgaXQgYmFjayB0byB5b3UgdG8gc2VlIHdo
YXQgeW91IGNhbiBpbiB0aGUgaGVhZGVycz8NCg0KR29vZCBsdWNrLA0KDQpPbiBUaHUsIEZlYiA5
LCAyMDE3LCAxODoyMyBCaWxsIEZpdHpnZXJhbGQgPGJpbGxAZnVubnltb25rZXkuY29tPG1haWx0
bzpiaWxsQGZ1bm55bW9ua2V5LmNvbT4+IHdyb3RlOg0KQWxzbywganVzdCBzbyB0aGUgZW1haWwg
YWRkcmVzcyBjYW4ndCBiZSBzcG9vZmVkLCBtYWtlIHN1cmUgdGhhdCB5b3UgaGF2ZSBTUEYsIERL
SU0sIGFuZCBETUFSQyByZWNvcmRzIHNldCB1cC4NCg0KQ2hlZXJzLA0KDQpCaWxsDQoNCk9uIFRo
dSwgRmViIDksIDIwMTcgYXQgMTI6NTUgUE0sIFNjb3R0IEdyYW50IDxzZ3JhbnRAYW53c3Uub3Jn
PG1haWx0bzpzZ3JhbnRAYW53c3Uub3JnPj4gd3JvdGU6DQpNb3N0IG9mIHRoZXNlIHN1Z2dlc3Rp
b25zIGFzc3VtZSBHb29nbGUgZW1haWwgYWNjb3VudHMuICBIZXJlJ3Mgd2hhdCBJJ2Qgc3VnZ2Vz
dCB0byBzdW1tYXJpemU6DQoNCkRpc2FibGUgdGhlIGFjY291bnQgZmlyc3QhIChhbHJlYWR5IGRv
bmUpDQpSZXZpZXcgd2hlcmUgdGhlIGFjY291bnQgaGFkIGJlZW4gbG9nZ2VkIGludG8uICBHZXQg
c2NyZWVuIGNhcHR1cmVzIG9mIHRoZSBkYXRhLg0KQ2hhbmdlIHRoZSBwYXNzd29yZC4NCkNvbnNp
ZGVyIGhhdmluZyB0aGUgdXNlciBsZXZlcmFnZSBhIHNlY29uZC1mYWN0b3IgZm9yIGF1dGhlbnRp
Y2F0aW9uLg0KUmVzZXQgc2lnbiBpbiBjb29raWVzIGFzIHBlciBhbm90aGVyIHN1Z2dlc3Rpb24u
DQpSdW4gQVYgb24gdGhlIHVzZXIncyBjb21wdXRlcihzKS4NCkVuc3VyZSBhIGxldmVsIG9mIHBh
c3N3b3JkIGNvbXBsZXhpdHkgZm9yIHRoZSBuZXcgcGFzc3dvcmQuDQpSZS1lbmFibGUgdGhlIGFj
Y291bnQuDQpSZXZpZXcgdGhlaXIgU2VudCBtZXNzYWdlcyBhbmQgQUxMIE1haWwgdmlld3MuICBB
bHNvIGVuc3VyZSB0aGV5IGFyZSByZWNlaXZpbmcgZW1haWxzIGNvcnJlY3RseS4gIFNvbWV0aW1l
cyBoYWNrZXJzIHdpbGwgYWRkIGEgcnVsZSB0byBHTWFpbCB0byBhcmNoaXZlIGFsbCBpbmJvdW5k
IG1lc3NhZ2VzLiAgVGhpcyB3YXksIHRoZSBvd25lciBkb2Vzbid0IHNlZSB0aGUgZGVsaXZlcnkg
ZmFpbHVyZXMsIGV0Yy4NCg0KVmVyaWZ5IHdoZXJlIHRoZXkgYWNjZXNzIHRoZWlyIGVtYWlsIGZy
b20uICBJcyBpdCBmcm9tIGhvbWUgYXMgd2VsbCBvbiBhIGRpZmZlcmVudCBjb21wdXRlcj8gIFN1
Z2dlc3QgdGhleSBydW4gQVYgdGhlcmUgYXMgd2VsbC4NCg0KVGhhdCdzIHRoZSBiYXNpY3MuDQoN
Cg0KDQpPbiBUaHUsIEZlYiA5LCAyMDE3IGF0IDEwOjA2IEFNLCBDaHJpc3RpbmUgR2lic29uIDxj
Z2lic29uQGFjc3Uub3JnPG1haWx0bzpjZ2lic29uQGFjc3Uub3JnPj4gd3JvdGU6DQpJIHdvdWxk
IGFsc28gc3VnZ2VzdCB0aGF0IHlvdSByZXNldCB0aGUgc2lnbi1pbiBjb29raWVzLiAgVGhpcyB3
aWxsIGtpY2sgb3V0IGFueW9uZSB3aG8gbWF5IGhhdmUgYmVlbiBzaWduZWQgaW50byB0aGUgYWNj
b3VudC4gIFNpbXBseSBjaGFuZ2luZyB0aGUgcGFzc3dvcmQgZG9lcyBub3QgdGVybWluYXRlIGFs
bCBjdXJyZW50IHNlc3Npb25zLiAgWW91IGNhbiBmaW5kIHRoZSBzd2l0Y2ggdG8gcmVzZXQgdGhl
IHNpZ24taW4gY29va2llcyB1bmRlciBBY2NvdW50IGluIHRoZSBHb29nbGUgQWRtaW4gQ29uc29s
ZS4NCg0KQ2hyaXN0aW5lIEdpYnNvbg0KDQpQb3dlclNjaG9vbCBEYXRhIE1hbmFnZXINCjQ5IENo
YXJsZXMgQXZlbnVlDQpNaWRkbGVidXJ5LCBWVCAwNTc1Mw0KY2dpYnNvbkBhY3N1Lm9yZzxtYWls
dG86Y2dpYnNvbkBhY3N1Lm9yZz4NCjgwMi0zODItMTcyMDx0ZWw6KDgwMiklMjAzODItMTcyMD4N
Cg0KT24gVGh1LCBGZWIgOSwgMjAxNyBhdCAxMDowMSBBTSwgUmF5bW9uZCBCYWxsb3UgPHJiYWxs
b3VAd3J2c3Uub3JnPG1haWx0bzpyYmFsbG91QHdydnN1Lm9yZz4+IHdyb3RlOg0KRWRpdGgNCg0K
Tm90IHN1cmUgd2h5IGl0IGRvZXNuJ3QgbGlzdCBjaGFuZ2UgcGFzc3dvcmQsIGJ1dCBoZXJlIGFy
ZSB0aGUgc3VnZ2VzdGlvbnMgZnJvbSBHb29nbGUuDQoNCmh0dHBzOi8vc3VwcG9ydC5nb29nbGUu
Y29tL2EvYW5zd2VyLzI5ODQzNDk/aGw9ZW4NCg0KDQpSDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoNClNl
YXJjaCA8aHR0cDovL2xpc3QudXZtLmVkdS9hcmNoaXZlcy9zY2hvb2wtaXQuaHRtbD4gdGhlIFND
SE9PTC1JVCBBcmNoaXZlDQoNCk1hbmFnZTxodHRwOi8vbGlzdC51dm0uZWR1L2NnaS1iaW4vd2E/
U1VCRUQxPVNDSE9PTC1JVCZBPTE+IHlvdXIgU3Vic2NyaXB0aW9uIHRvIFNDSE9PTC1JVA0KDQoN
Ci0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tDQoNClNlYXJjaCA8aHR0cDovL2xpc3QudXZtLmVkdS9hcmNoaXZlcy9z
Y2hvb2wtaXQuaHRtbD4gdGhlIFNDSE9PTC1JVCBBcmNoaXZlDQoNCk1hbmFnZTxodHRwOi8vbGlz
dC51dm0uZWR1L2NnaS1iaW4vd2E/U1VCRUQxPVNDSE9PTC1JVCZBPTE+IHlvdXIgU3Vic2NyaXB0
aW9uIHRvIFNDSE9PTC1JVA0KDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoNClNlYXJjaCA8aHR0cDovL2xp
c3QudXZtLmVkdS9hcmNoaXZlcy9zY2hvb2wtaXQuaHRtbD4gdGhlIFNDSE9PTC1JVCBBcmNoaXZl
DQoNCk1hbmFnZTxodHRwOi8vbGlzdC51dm0uZWR1L2NnaS1iaW4vd2E/U1VCRUQxPVNDSE9PTC1J
VCZBPTE+IHlvdXIgU3Vic2NyaXB0aW9uIHRvIFNDSE9PTC1JVA0KDQoNCi0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
DQoNClNlYXJjaCA8aHR0cDovL2xpc3QudXZtLmVkdS9hcmNoaXZlcy9zY2hvb2wtaXQuaHRtbD4g
dGhlIFNDSE9PTC1JVCBBcmNoaXZlDQoNCk1hbmFnZTxodHRwOi8vbGlzdC51dm0uZWR1L2NnaS1i
aW4vd2E/U1VCRUQxPVNDSE9PTC1JVCZBPTE+IHlvdXIgU3Vic2NyaXB0aW9uIHRvIFNDSE9PTC1J
VA0KLS0NCkRhdmlkIE1jQ2xlbGxhbg0KVGVjaG5vbG9neSBTdXBwb3J0IFNwZWNpYWxpc3QNCkNo
aXR0ZW5kZW4gRWFzdCBTdXBlcnZpc29yeSBVbmlvbg0KTW9iaWxlOiAoODAyKSA0NTggLSA3MzI3
PHRlbDooODAyKSUyMDQ1OC03MzI3Pg0KQmFja3VwIE1vYmlsZTogKDgwMikgNDQ4IC0gMDMyOTx0
ZWw6KDgwMiklMjA0NDgtMDMyOT4NCg0KDQpUaGlzIGUtbWFpbCBtYXkgY29udGFpbiBpbmZvcm1h
dGlvbiBwcm90ZWN0ZWQgdW5kZXIgdGhlIEZhbWlseSBFZHVjYXRpb25hbCBSaWdodHMgYW5kIFBy
aXZhY3kgQWN0IChGRVJQQSkuIElmIHRoaXMgZS1tYWlsIGNvbnRhaW5zIHN0dWRlbnQgaW5mb3Jt
YXRpb24gYW5kIHlvdSBhcmUgbm90IGVudGl0bGVkIHRvIGFjY2VzcyBzdWNoIGluZm9ybWF0aW9u
IHVuZGVyIEZFUlBBLCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIuIEZlZGVyYWwgcmVndWxhdGlv
bnMgcmVxdWlyZSB0aGF0IHlvdSBkZXN0cm95IHRoaXMgZS1tYWlsIHdpdGhvdXQgcmV2aWV3aW5n
IGl0IGFuZCB5b3UgbWF5IG5vdCBmb3J3YXJkIGl0IHRvIGFueW9uZS4NCg0KLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0NCg0KU2VhcmNoIDxodHRwOi8vbGlzdC51dm0uZWR1L2FyY2hpdmVzL3NjaG9vbC1pdC5odG1s
PiB0aGUgU0NIT09MLUlUIEFyY2hpdmUNCg0KTWFuYWdlPGh0dHA6Ly9saXN0LnV2bS5lZHUvY2dp
LWJpbi93YT9TVUJFRDE9U0NIT09MLUlUJkE9MT4geW91ciBTdWJzY3JpcHRpb24gdG8gU0NIT09M
LUlUDQoNCg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCg0KU2VhcmNoIDxodHRwOi8vbGlzdC51dm0uZWR1L2Fy
Y2hpdmVzL3NjaG9vbC1pdC5odG1sPiB0aGUgU0NIT09MLUlUIEFyY2hpdmUNCg0KTWFuYWdlPGh0
dHA6Ly9saXN0LnV2bS5lZHUvY2dpLWJpbi93YT9TVUJFRDE9U0NIT09MLUlUJkE9MT4geW91ciBT
dWJzY3JpcHRpb24gdG8gU0NIT09MLUlUDQoNCg0KQ09ORklERU5USUFMSVRZIE5PVEU6IFRoZSBp
bmZvcm1hdGlvbiB0cmFuc21pdHRlZCwgaW5jbHVkaW5nIGF0dGFjaG1lbnRzLCBpcyBpbnRlbmRl
ZCBvbmx5IGZvciB0aGUgcGVyc29uKHMpIG9yIGVudGl0eSB0byB3aGljaCBpdCBpcyBhZGRyZXNz
ZWQgYW5kIG1heSBjb250YWluIGNvbmZpZGVudGlhbCBhbmQvb3IgcHJpdmlsZWdlZCBtYXRlcmlh
bC4gQW55IHJldmlldywgcmV0cmFuc21pc3Npb24sIGRpc3NlbWluYXRpb24gb3Igb3RoZXIgdXNl
IG9mLCBvciB0YWtpbmcgb2YgYW55IGFjdGlvbiBpbiByZWxpYW5jZSB1cG9uIHRoaXMgaW5mb3Jt
YXRpb24gYnkgcGVyc29ucyBvciBlbnRpdGllcyBvdGhlciB0aGFuIHRoZSBpbnRlbmRlZCByZWNp
cGllbnQgaXMgcHJvaGliaXRlZC4gSWYgeW91IHJlY2VpdmVkIHRoaXMgaW4gZXJyb3IsIHBsZWFz
ZSBjb250YWN0IHRoZSBzZW5kZXIgYW5kIGRlc3Ryb3kgYW55IGNvcGllcyBvZiB0aGlzIGluZm9y
bWF0aW9uLg0KDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQpTZWFyY2ggPGh0dHA6Ly9saXN0LnV2bS5lZHUv
YXJjaGl2ZXMvc2Nob29sLWl0Lmh0bWw+IHRoZSBTQ0hPT0wtSVQgQXJjaGl2ZQ0KDQpNYW5hZ2U8
aHR0cDovL2xpc3QudXZtLmVkdS9jZ2ktYmluL3dhP1NVQkVEMT1TQ0hPT0wtSVQmQT0xPiB5b3Vy
IFN1YnNjcmlwdGlvbiB0byBTQ0hPT0wtSVQNCg==
--_000_f41eadc420624eaaac2188dfbdf1c2f2WCSUMAIL13U32ORG_
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
=09{font-family:"Cambria Math";
=09panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
=09{font-family:Calibri;
=09panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
=09{font-family:Consolas;
=09panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
=09{margin:0in;
=09margin-bottom:.0001pt;
=09font-size:12.0pt;
=09font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
=09{mso-style-priority:99;
=09color:blue;
=09text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
=09{mso-style-priority:99;
=09color:purple;
=09text-decoration:underline;}
p
=09{mso-style-priority:99;
=09mso-margin-top-alt:auto;
=09margin-right:0in;
=09mso-margin-bottom-alt:auto;
=09margin-left:0in;
=09font-size:12.0pt;
=09font-family:"Times New Roman",serif;}
pre
=09{mso-style-priority:99;
=09mso-style-link:"HTML Preformatted Char";
=09margin:0in;
=09margin-bottom:.0001pt;
=09font-size:10.0pt;
=09font-family:"Courier New";}
span.HTMLPreformattedChar
=09{mso-style-name:"HTML Preformatted Char";
=09mso-style-priority:99;
=09mso-style-link:"HTML Preformatted";
=09font-family:Consolas;}
p.m9104320700020084147m-2468182713704057239gmailmsg, li.m910432070002008414=
7m-2468182713704057239gmailmsg, div.m9104320700020084147m-24681827137040572=
39gmailmsg
=09{mso-style-name:m_9104320700020084147m_-2468182713704057239gmail_msg;
=09mso-margin-top-alt:auto;
=09margin-right:0in;
=09mso-margin-bottom-alt:auto;
=09margin-left:0in;
=09font-size:12.0pt;
=09font-family:"Times New Roman",serif;}
span.m9104320700020084147m-2468182713704057239gmailmsg1
=09{mso-style-name:m_9104320700020084147m_-2468182713704057239gmail_msg1;}
span.m9104320700020084147m-2468182713704057239m1484017590329750603m43264582=
4362608678m-5775518676933508011hoenzb
=09{mso-style-name:m_9104320700020084147m_-2468182713704057239m_14840175903=
29750603m_432645824362608678m_-5775518676933508011hoenzb;}
span.m9104320700020084147m-2468182713704057239m1484017590329750603m43264582=
4362608678m-5775518676933508011m2563036470163041945hoenzb
=09{mso-style-name:m_9104320700020084147m_-2468182713704057239m_14840175903=
29750603m_432645824362608678m_-5775518676933508011m_2563036470163041945hoen=
zb;}
span.m9104320700020084147hoenzb
=09{mso-style-name:m_9104320700020084147hoenzb;}
span.EmailStyle26
=09{mso-style-type:personal-reply;
=09font-family:"Calibri",sans-serif;
=09color:#1F497D;}
.MsoChpDefault
=09{mso-style-type:export-only;
=09font-family:"Calibri",sans-serif;}
@page WordSection1
=09{size:8.5in 11.0in;
=09margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
=09{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D">To add to the conversation, the part =
to look at with your message is the flow<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<pre><span style=3D"font-size:10.5pt;color:black">Return-Path: &lt;<a href=
=3D"mailto:[log in to unmask]">[log in to unmask]</a>&gt;<o:p></o:p><=
/span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Received: from <a href=3D=
"http://mail-yw0-x244.google.com">mail-yw0-x244.google.com</a> (<a href=3D"=
http://mail-yw0-x244.google.com">mail-yw0-x244.google.com</a>. [2607:f8b0:4=
002:c05::244])<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; by <a href=3D"http://mx.google.com">mx.google.com</a> wit=
h ESMTPS id p193si504832ybg.263.2017.02.09.05.36.05<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; for &lt;<a href=3D"mailto:[log in to unmask]">efogarty=
@beschool.org</a>&gt;<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; (version=3DTLS1_2 cipher=3DECDHE-RSA-AES128-GCM-SHA256 bi=
ts=3D128/128);<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; Thu, 09 Feb 2017 05:36:05 -0800 (PST)<o:p></o:p></span></=
pre>
<pre><span style=3D"font-size:10.5pt;color:black">Received-SPF: neutral (<a=
 href=3D"http://google.com">google.com</a>: 2607:f8b0:4002:c05::244 is neit=
her permitted nor denied by best guess record for domain of <a href=3D"mail=
to:[log in to unmask]">[log in to unmask]</a>) client-ip=3D2607:f8b0:=
4002:c05::244;<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Authentication-Results: <=
a href=3D"http://mx.google.com">mx.google.com</a>;<o:p></o:p></span></pre>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;color:black"><o:p>&n=
bsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D">On quick review, this message was nev=
er outside of googles mail servers (as someone already pointed out) based o=
n the receiving server and authenticating server<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<pre><span style=3D"font-size:10.5pt;color:black">Authentication-Results: <=
a href=3D"http://mx.google.com">mx.google.com</a>;<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp; dkim=3Dpass header.i=3D@<a href=3D"http://beschool-org.20150623=
.gappssmtp.com">beschool-org.20150623.gappssmtp.com</a>;<o:p></o:p></span><=
/pre>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D">To me, it looks like someone gained a=
ccess to the users account credentials and sent the email as if they were t=
he user through either Gmail direct or a client-side
 mail program. I would advise you to set up both your MX and SPF records wi=
th your DNS provider as it looks like you don=E2=80=99t currently have this=
 configured and could be spoofed (mail sent to others as if it originated b=
y a user in your domain). Hope this helps.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D">Rob Carter<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D">WCSU Technology<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><b><span style=3D"font-size:11.0pt;font-family:&quot=
;Calibri&quot;,sans-serif">From:</span></b><span style=3D"font-size:11.0pt;=
font-family:&quot;Calibri&quot;,sans-serif"> School Information Technology =
Discussion [mailto:[log in to unmask]]
<b>On Behalf Of </b>Edith Fogarty<br>
<b>Sent:</b> Friday, February 10, 2017 9:43 AM<br>
<b>To:</b> [log in to unmask]<br>
<b>Subject:</b> Re: Suggestions for rogue emails<o:p></o:p></span></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<p class=3D"MsoNormal">Forgive my ignorance, but what can I tell from the h=
eaders?&nbsp; I can honestly say that I don't even know what part is the &q=
uot;header.&quot; &nbsp;Below is what I received.<o:p></o:p></p>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<pre id=3D"gmail-raw_message_text"><span style=3D"font-size:10.5pt;color:bl=
ack">Delivered-To: <a href=3D"mailto:[log in to unmask]">efogarty@bescho=
ol.org</a><o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Received: by 10.157.12.15=
5 with SMTP id b27csp265855otb;<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; Thu, 9 Feb 2017 05:36:05 -0800 (PST)<o:p></o:p></span></p=
re>
<pre><span style=3D"font-size:10.5pt;color:black">X-Received: by 10.129.118=
.77 with SMTP id j13mr2242697ywk.270.1486647365266;<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; Thu, 09 Feb 2017 05:36:05 -0800 (PST)<o:p></o:p></span></=
pre>
<pre><span style=3D"font-size:10.5pt;color:black">Return-Path: &lt;<a href=
=3D"mailto:[log in to unmask]">[log in to unmask]</a>&gt;<o:p></o:p><=
/span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Received: from <a href=3D=
"http://mail-yw0-x244.google.com">mail-yw0-x244.google.com</a> (<a href=3D"=
http://mail-yw0-x244.google.com">mail-yw0-x244.google.com</a>. [2607:f8b0:4=
002:c05::244])<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; by <a href=3D"http://mx.google.com">mx.google.com</a> wit=
h ESMTPS id p193si504832ybg.263.2017.02.09.05.36.05<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; for &lt;<a href=3D"mailto:[log in to unmask]">efogarty=
@beschool.org</a>&gt;<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; (version=3DTLS1_2 cipher=3DECDHE-RSA-AES128-GCM-SHA256 bi=
ts=3D128/128);<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; Thu, 09 Feb 2017 05:36:05 -0800 (PST)<o:p></o:p></span></=
pre>
<pre><span style=3D"font-size:10.5pt;color:black">Received-SPF: neutral (<a=
 href=3D"http://google.com">google.com</a>: 2607:f8b0:4002:c05::244 is neit=
her permitted nor denied by best guess record for domain of <a href=3D"mail=
to:[log in to unmask]">[log in to unmask]</a>) client-ip=3D2607:f8b0:=
4002:c05::244;<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Authentication-Results: <=
a href=3D"http://mx.google.com">mx.google.com</a>;<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp; dkim=3Dpass header.i=3D@<a href=3D"http://beschool-org.20150623=
.gappssmtp.com">beschool-org.20150623.gappssmtp.com</a>;<o:p></o:p></span><=
/pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp; spf=3Dneutral (<a href=3D"http://google.com">google.com</a>: 26=
07:f8b0:4002:c05::244 is neither permitted nor denied by best guess record =
for domain of <a href=3D"mailto:[log in to unmask]">[log in to unmask]
g</a>) smtp.mailfrom=3D<a href=3D"mailto:[log in to unmask]">croberts@be=
school.org</a><o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Received: by <a href=3D"h=
ttp://mail-yw0-x244.google.com">mail-yw0-x244.google.com</a> with SMTP id u=
68so284402ywg.0<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; for &lt;<a href=3D"mailto:[log in to unmask]">efogarty=
@beschool.org</a>&gt;; Thu, 09 Feb 2017 05:36:05 -0800 (PST)<o:p></o:p></sp=
an></pre>
<pre><span style=3D"font-size:10.5pt;color:black">DKIM-Signature: v=3D1; a=
=3Drsa-sha256; c=3Drelaxed/relaxed;<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; d=3D<a href=3D"http://beschool-org.20150623.gappssmtp.com=
">beschool-org.20150623.gappssmtp.com</a>; s=3D20150623;<o:p></o:p></span><=
/pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; h=3Dmime-version:from:date:message-id:subject:to;<o:p></o=
:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; bh=3Dp8Q4mmR&#43;ZloPt9MxTFU4D0BK5NEE720i2AzPZhYs5ts=3D;<=
o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp; &nbsp;=
&nbsp;&nbsp;&nbsp;b=3Dst87TXF/ZxLcW7kIQZn&#43;sBP4CdwcPjxDGzme9bau3NMOwANTB=
IrDeM/9wDjVZR2knW<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; SbIROFvItRmOo2svQ/jXdNAu8r17xM0A/0zioX58PdORI/mqSR9=
Zog&#43;b9oy&#43;jo5KUAnd<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; sX5vxcW8Gec4a&#43;Ls4eqKS&#43;WsRDugYZIqKjFx4NQR5ks=
DZvVWNmh16izB0TGlOIAS&#43;CO7<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; Ztp2P17vI9TOy9HaSVVNvNyiQZO5FqwkLdprdrjy0UqKjAaM7yj=
gIU1b7qQLeyHDv/Ln<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; sHb9yM/WGC4XPEprUml9D3keYU25MMsuOCdN4vQ97tKOkCVPqcH=
FnipUc7Fig19mqiG4<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; GU/A=3D=3D<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">X-Google-DKIM-Signature: =
v=3D1; a=3Drsa-sha256; c=3Drelaxed/relaxed;<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; d=3D<a href=3D"http://1e100.net">1e100.net</a>; s=3D20161=
025;<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; h=3Dx-gm-message-state:mime-version:from:date:message-id:=
subject:to;<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; bh=3Dp8Q4mmR&#43;ZloPt9MxTFU4D0BK5NEE720i2AzPZhYs5ts=3D;<=
o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; b=3DgDgAnHh7seW5/ZpkNZH2tJGiRsDkAqkyCalfsM&#43;XyV/3FSk&#=
43;C1Hk88LAKPuGhhdoyD<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; 92OjwtonWKrGdA0QlAnZ6xm7Ki&#43;&#43;21Qk1HjiGsgfsxn=
tQb9c2ty99k6lNX/BKuOYAz9b<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; SyGR/MjJPPFV&#43;1ttJ5dPW9nYtHoIJAwbFxM15mu8i5d0aXB=
njIjvnwHic3zAwhU6a1pK<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; zaxJuhp/B1rbeAHCAhNeQxNliRQirPRImYU8IFuf0i1/OHQwDca=
KIM1cW1BiSWl3Rej5<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; 5GfucJbUpPmNyo0/dIoakgJ4AKoKcAu5IlCj5wtuvljJIB0foXf=
gNQ/ZH8Ve9kB0CNfg<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; Ji4Q=3D=3D<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">X-Gm-Message-State: AMke3=
9meRKrQIlBCi/b1td&#43;HPKj1LNmo6fARAfngy0QKa4QBRglJK37maSp67CZvRG3jUVcoyfPq=
/Ci&#43;Axh&#43;k7cPbGo=3D<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">X-Received: by 10.129.152=
.77 with SMTP id p74mr2064320ywg.177.1486647364611; Thu, 09 Feb 2017 05:36:=
04 -0800 (PST)<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">MIME-Version: 1.0<o:p></o=
:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Received: by 10.37.123.7 =
with HTTP; Thu, 9 Feb 2017 05:36:01 -0800 (PST)<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">From: Cathy Roberts &lt;<=
a href=3D"mailto:[log in to unmask]">[log in to unmask]</a>&gt;<o:p><=
/o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Date: Thu, 9 Feb 2017 05:=
36:01 -0800<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Message-ID: &lt;<a href=
=3D"mailto:[log in to unmask]=
.com">CAPw&#43;[log in to unmask]=
m</a>&gt;<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Subject: Secured Message<=
o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">To: undisclosed-recipient=
s:;<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Content-Type: multipart/m=
ixed; boundary=3D94eb2c0bbf5613479005481910fc<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Bcc: <a href=3D"mailto:ef=
[log in to unmask]">[log in to unmask]</a><o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
/pre>
<pre><span style=3D"font-size:10.5pt;color:black">--94eb2c0bbf5613479005481=
910fc<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Content-Type: multipart/a=
lternative; boundary=3D94eb2c0bbf5613478b05481910fa<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
/pre>
<pre><span style=3D"font-size:10.5pt;color:black">--94eb2c0bbf5613478b05481=
910fa<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Content-Type: text/plain;=
 charset=3DUTF-8<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
/pre>
<pre><span style=3D"font-size:10.5pt;color:black">Please see attached docum=
ent for your review.<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
/pre>
<pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
/pre>
<pre><span style=3D"font-size:10.5pt;color:black">Thanks<o:p></o:p></span><=
/pre>
<pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
/pre>
<pre><span style=3D"font-size:10.5pt;color:black">--94eb2c0bbf5613478b05481=
910fa<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Content-Type: text/html; =
charset=3DUTF-8<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Content-Transfer-Encoding=
: quoted-printable<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
/pre>
<pre><span style=3D"font-size:10.5pt;color:black">&lt;div dir=3D3D&quot;ltr=
&quot;&gt;&lt;span style=3D3D&quot;font-size:12.8px;line-height:normal&quot=
;&gt;Please=3D<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black"> see attached document fo=
r your review.&lt;/span&gt;&lt;br style=3D3D&quot;font-size:12.8px=3D<o:p><=
/o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">;line-height:normal&quot;=
&gt;&lt;br style=3D3D&quot;font-size:12.8px;line-height:normal&quot;&gt;&lt=
;br =3D<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">style=3D3D&quot;font-size=
:12.8px;line-height:normal&quot;&gt;&lt;span style=3D3D&quot;font-size:12.8=
=3D<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">px;line-height:normal&quo=
t;&gt;Thanks&lt;/span&gt;&lt;br&gt;&lt;/div&gt;<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
/pre>
<pre><span style=3D"font-size:10.5pt;color:black">--94eb2c0bbf5613478b05481=
910fa--<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">--94eb2c0bbf5613479005481=
910fc<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Content-Type: application=
/pdf; name=3D&quot;Document2017-09-02-075055.pdf&quot;<o:p></o:p></span></p=
re>
<pre><span style=3D"font-size:10.5pt;color:black">Content-Disposition: atta=
chment; filename=3D&quot;Document2017-09-02-075055.pdf&quot;<o:p></o:p></sp=
an></pre>
<pre><span style=3D"font-size:10.5pt;color:black">Content-Transfer-Encoding=
: base64<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black">X-Attachment-Id: f_iyyffr=
0t0<o:p></o:p></span></pre>
<pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
/pre>
<pre><span style=3D"font-size:10.5pt;color:black"><o:p>&nbsp;</o:p></span><=
/pre>
<pre><span style=3D"font-size:10.5pt;color:black">--94eb2c0bbf5613479005481=
910fc--<o:p></o:p></span></pre>
</div>
</div>
<div>
<p class=3D"MsoNormal"><br clear=3D"all">
<o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class=3D"MsoNormal">Edith Fogarty<br>
Technology Integration Facilitator<br>
Bradford Elementary School<br>
143 Fairground Rd<br>
Bradford, VT 05033<br>
802.222.4077 x281<br>
802.222.5196 fax<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><img border=3D"0" width=3D"94" height=3D"96" id=3D"_=
x0000_i1025" src=3D"https://docs.google.com/uc?export=3Ddownload&amp;id=3D0=
B-2BSol4TOO9UTAtMkE5MmZJQVU&amp;revid=3D0B-2BSol4TOO9NWJUNm8zc1VjU1ZmUjNJWm=
Fpd2NCNWN5c0EwPQ">&nbsp;<img border=3D"0" width=3D"93" height=3D"96" id=3D"=
_x0000_i1026" src=3D"https://docs.google.com/uc?export=3Ddownload&amp;id=3D=
0B-2BSol4TOO9UzBTN3dObVhWQ1k&amp;revid=3D0B-2BSol4TOO9ZEY5MG9ya0kwc1p1QktSR=
3lGc2YyTHEwK2o0PQ"><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<p class=3D"MsoNormal">On Fri, Feb 10, 2017 at 9:12 AM, Scott Grant &lt;<a =
href=3D"mailto:[log in to unmask]" target=3D"_blank">[log in to unmask]</a>&gt;=
 wrote:<o:p></o:p></p>
<blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0i=
n 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class=3D"MsoNormal">Agreed.&nbsp; I've seen that actually more often.&nb=
sp; Be sure to point out that you need the headers of the original they rec=
eived.<o:p></o:p></p>
</div>
<div>
<div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<p class=3D"MsoNormal">On Fri, Feb 10, 2017 at 9:04 AM, David McClellan &lt=
;<a href=3D"mailto:[log in to unmask]" target=3D"_blank">david.mccl=
[log in to unmask]</a>&gt; wrote:<o:p></o:p></p>
<blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0i=
n 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class=3D"MsoNormal">Not to discount the possibility of the account being=
 compromised, but I'm with Bill Fitzgerald here. I'd check the headers of t=
he sent mail, I'd be willing to bet the address was spoofed. Maybe have the=
 recipients of the email forward it
 back to you to see what you can in the headers? <o:p></o:p></p>
</div>
<p class=3D"m9104320700020084147m-2468182713704057239gmailmsg">Good luck,<o=
:p></o:p></p>
<div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<div>
<p class=3D"MsoNormal">On Thu, Feb 9, 2017, 18:23 Bill Fitzgerald &lt;<a hr=
ef=3D"mailto:[log in to unmask]" target=3D"_blank">[log in to unmask]</=
a>&gt; wrote:<o:p></o:p></p>
</div>
<blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0i=
n 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class=3D"MsoNormal">Also, just so the email address can't be spoofed, ma=
ke sure that you have SPF, DKIM, and DMARC records set up.<o:p></o:p></p>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Cheers,<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Bill<o:p></o:p></p>
</div>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<p class=3D"MsoNormal">On Thu, Feb 9, 2017 at 12:55 PM, Scott Grant <span c=
lass=3D"m9104320700020084147m-2468182713704057239gmailmsg1">
&lt;<a href=3D"mailto:[log in to unmask]" target=3D"_blank">[log in to unmask]<=
/a>&gt;</span> wrote:<o:p></o:p></p>
<blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0i=
n 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class=3D"MsoNormal">Most of these suggestions assume Google email accoun=
ts.&nbsp; Here's what I'd suggest to summarize:<o:p></o:p></p>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Disable the account first! (already done)<o:p></o:p>=
</p>
</div>
<div>
<p class=3D"MsoNormal">Review where the account had been logged into.&nbsp;=
 Get screen captures of the data.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Change the password.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Consider having the user leverage a second-factor fo=
r authentication.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Reset sign in cookies as per another suggestion.<o:p=
></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Run AV on the user's computer(s).<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Ensure a level of password complexity for the new pa=
ssword.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Re-enable the account.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Review their Sent messages and ALL Mail views.&nbsp;=
 Also ensure they are receiving emails correctly.&nbsp; Sometimes hackers w=
ill add a rule to GMail&nbsp;to archive all inbound messages.&nbsp; This wa=
y, the owner doesn't see the delivery failures, etc.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Verify where they access their email from.&nbsp; Is =
it from home as well on a different computer?&nbsp; Suggest they run AV the=
re as well.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">That's the basics. &nbsp;<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
<div>
<div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<p class=3D"MsoNormal">On Thu, Feb 9, 2017 at 10:06 AM, Christine Gibson <s=
pan class=3D"m9104320700020084147m-2468182713704057239gmailmsg1">
&lt;<a href=3D"mailto:[log in to unmask]" target=3D"_blank">[log in to unmask]<=
/a>&gt;</span> wrote:<o:p></o:p></p>
<blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0i=
n 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class=3D"MsoNormal">I would also suggest that you reset the sign-in cook=
ies.&nbsp; This will kick out anyone who may have been signed into the acco=
unt.&nbsp; Simply changing the password does not terminate all current sess=
ions.&nbsp; You can find the switch to reset the
 sign-in cookies under Account in the Google Admin Console.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:#888888"><br clear=3D"all">
<span class=3D"m9104320700020084147m-2468182713704057239m148401759032975060=
3m432645824362608678m-5775518676933508011hoenzb"><o:p></o:p></span></span><=
/p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class=3D"MsoNormal"><b><span style=3D"color:#444444">Christine Gibson<br=
>
</span></b><span style=3D"color:#888888"><br>
</span><b><i><span style=3D"color:#0B5394">PowerSchool Data Manager</span><=
/i></b><o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:#666666">49 Charles Avenue<br>
Middlebury, VT 05753<br>
<a href=3D"mailto:[log in to unmask]" target=3D"_blank"><b>[log in to unmask]</=
b></a><br>
<a href=3D"tel:(802)%20382-1720" target=3D"_blank">802-382-1720</a></span><=
span style=3D"color:#888888"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<p class=3D"MsoNormal">On Thu, Feb 9, 2017 at 10:01 AM, Raymond Ballou <spa=
n class=3D"m9104320700020084147m-2468182713704057239gmailmsg1">
&lt;<a href=3D"mailto:[log in to unmask]" target=3D"_blank">[log in to unmask]
g</a>&gt;</span> wrote:<o:p></o:p></p>
<blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0i=
n 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<div>
<div>
<p class=3D"MsoNormal">Edith<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Not sure why it doesn't list change password, but he=
re are the suggestions from Google.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><a href=3D"https://support.google.com/a/answer/29843=
49?hl=3Den" target=3D"_blank">https://support.google.com/a/answer/2984349?h=
l=3Den</a><o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:#888888"><o:p>&nbsp;</o:p></spa=
n></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:#888888"><o:p>&nbsp;</o:p></spa=
n></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:#888888">R<o:p></o:p></span></p=
>
</div>
</div>
</div>
</div>
<div>
<div>
<p class=3D"m9104320700020084147m-2468182713704057239gmailmsg">------------=
-----------------------------------------------------------<o:p></o:p></p>
<p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
ttp://list.uvm.edu/archives/school-it.html" target=3D"_blank">Search
</a>the SCHOOL-IT Archive<o:p></o:p></p>
<p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
ttp://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&amp;A=3D1" target=3D"_blan=
k">Manage</a> your Subscription to SCHOOL-IT<o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
</div>
<div>
<div>
<p class=3D"m9104320700020084147m-2468182713704057239gmailmsg">------------=
-----------------------------------------------------------<o:p></o:p></p>
<p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
ttp://list.uvm.edu/archives/school-it.html" target=3D"_blank">Search
</a>the SCHOOL-IT Archive<o:p></o:p></p>
<p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
ttp://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&amp;A=3D1" target=3D"_blan=
k">Manage</a> your Subscription to SCHOOL-IT<o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"m9104320700020084147m-2468182713704057239gmailmsg">------------=
-----------------------------------------------------------<o:p></o:p></p>
<p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
ttp://list.uvm.edu/archives/school-it.html" target=3D"_blank">Search
</a>the SCHOOL-IT Archive<o:p></o:p></p>
<p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
ttp://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&amp;A=3D1" target=3D"_blan=
k">Manage</a> your Subscription to SCHOOL-IT<o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"m9104320700020084147m-2468182713704057239gmailmsg">------------=
-----------------------------------------------------------<o:p></o:p></p>
<p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
ttp://list.uvm.edu/archives/school-it.html" target=3D"_blank">Search
</a>the SCHOOL-IT Archive<o:p></o:p></p>
<p class=3D"m9104320700020084147m-2468182713704057239gmailmsg"><a href=3D"h=
ttp://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&amp;A=3D1" target=3D"_blan=
k">Manage</a> your Subscription to SCHOOL-IT<o:p></o:p></p>
</blockquote>
</div>
</div>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:#888888">-- <o:p></o:p></span><=
/p>
</div>
<div>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt;font-family:&quot;Ari=
al&quot;,sans-serif;color:#666666">David McClellan</span><span style=3D"fon=
t-size:9.5pt;font-family:&quot;Arial&quot;,sans-serif;color:#222222"><o:p><=
/o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:7.5pt;font-family:&quot;Ari=
al&quot;,sans-serif;color:#666666">Technology Support Specialist</span><spa=
n style=3D"font-size:9.5pt;font-family:&quot;Arial&quot;,sans-serif;color:#=
222222"><o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:7.5pt;font-family:&quot;Ari=
al&quot;,sans-serif;color:#666666">Chittenden East Supervisory Union</span>=
<span style=3D"font-size:9.5pt;font-family:&quot;Arial&quot;,sans-serif;col=
or:#222222"><o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:7.5pt;font-family:&quot;Ari=
al&quot;,sans-serif;color:#666666">Mobile:
<a href=3D"tel:(802)%20458-7327" target=3D"_blank">(802) 458 - 7327</a></sp=
an><span style=3D"font-size:9.5pt;font-family:&quot;Arial&quot;,sans-serif;=
color:#222222"><o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:7.5pt;font-family:&quot;Ari=
al&quot;,sans-serif;color:#666666">Backup Mobile:
<a href=3D"tel:(802)%20448-0329" target=3D"_blank">(802) 448 - 0329</a></sp=
an><span style=3D"font-size:9.5pt;font-family:&quot;Arial&quot;,sans-serif;=
color:#222222"><o:p></o:p></span></p>
</div>
</div>
</div>
<p class=3D"MsoNormal"><span class=3D"m9104320700020084147hoenzb"><span sty=
le=3D"color:#888888"><o:p>&nbsp;</o:p></span></span></p>
<p><span style=3D"color:#888888">This e-mail may contain information protec=
ted under the Family Educational Rights and Privacy Act (FERPA). If this e-=
mail contains student information and you are not entitled to access such i=
nformation under FERPA, please notify
 the sender. Federal regulations require that you destroy this e-mail witho=
ut reviewing it and you may not forward it to anyone.&nbsp;</span><o:p></o:=
p></p>
<div>
<div>
<p>-----------------------------------------------------------------------<=
o:p></o:p></p>
<p><a href=3D"http://list.uvm.edu/archives/school-it.html" target=3D"_blank=
">Search </a>
the SCHOOL-IT Archive<o:p></o:p></p>
<p><a href=3D"http://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&amp;A=3D1" =
target=3D"_blank">Manage</a> your Subscription to SCHOOL-IT<o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p>-----------------------------------------------------------------------<=
o:p></o:p></p>
<p><a href=3D"http://list.uvm.edu/archives/school-it.html" target=3D"_blank=
">Search </a>
the SCHOOL-IT Archive<o:p></o:p></p>
<p><a href=3D"http://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&amp;A=3D1" =
target=3D"_blank">Manage</a> your Subscription to SCHOOL-IT<o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal"><br>
<strong><span style=3D"color:#222222">CONFIDENTIALITY NOTE:</span></strong>=
<span style=3D"color:#222222">&nbsp;The information transmitted, including =
attachments, is intended only for the person(s) or entity to which it is ad=
dressed and may contain confidential and/or
 privileged material. Any review, retransmission, dissemination or other us=
e of, or taking of any action in reliance upon this information by persons =
or entities other than the intended recipient is prohibited. If you receive=
d this in error, please contact
 the sender and destroy any copies of this information.</span> <o:p></o:p><=
/p>
<p>-----------------------------------------------------------------------<=
o:p></o:p></p>
<p><a href=3D"http://list.uvm.edu/archives/school-it.html">Search </a>the S=
CHOOL-IT Archive<o:p></o:p></p>
<p><a href=3D"http://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&amp;A=3D1">=
Manage</a> your Subscription to SCHOOL-IT<o:p></o:p></p>
</div>
</body>
</html>
<p>-----------------------------------------------------------------------<=
/p>
<p><A HREF=3D"http://list.uvm.edu/archives/school-it.html"> Search </a> the=
  SCHOOL-IT Archive</p>
<p><A HREF=3D"http://list.uvm.edu/cgi-bin/wa?SUBED1=3DSCHOOL-IT&A=3D1"> Man=
age</a> your Subscription to SCHOOL-IT</p>
--_000_f41eadc420624eaaac2188dfbdf1c2f2WCSUMAIL13U32ORG_--

On Fri, Feb 10, 2017 at 11:05 AM Robert Carter <[log in to unmask]> wrote:

To add to the conversation, the part to look at with your message is the flow

 

Return-Path: <[log in to unmask]>
Received: from mail-yw0-x244.google.com (mail-yw0-x244.google.com. [2607:f8b0:4002:c05::244])
        by mx.google.com with ESMTPS id p193si504832ybg.263.2017.02.09.05.36.05
        for <[log in to unmask]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 09 Feb 2017 05:36:05 -0800 (PST)
Received-SPF: neutral (google.com: 2607:f8b0:4002:c05::244 is neither permitted nor denied by best guess record for domain of [log in to unmask]) client-ip=2607:f8b0:4002:c05::244;
Authentication-Results: mx.google.com;

 

On quick review, this message was never outside of googles mail servers (as someone already pointed out) based on the receiving server and authenticating server

 

Authentication-Results: mx.google.com;
       dkim=pass header.i=@beschool-org.20150623.gappssmtp.com;

 

To me, it looks like someone gained access to the users account credentials and sent the email as if they were the user through either Gmail direct or a client-side mail program. I would advise you to set up both your MX and SPF records with your DNS provider as it looks like you don’t currently have this configured and could be spoofed (mail sent to others as if it originated by a user in your domain). Hope this helps.

 

Rob Carter

WCSU Technology

 

 

From: School Information Technology Discussion [mailto:[log in to unmask]] On Behalf Of Edith Fogarty
Sent: Friday, February 10, 2017 9:43 AM
To: [log in to unmask]
Subject: Re: Suggestions for rogue emails

 

Forgive my ignorance, but what can I tell from the headers?  I can honestly say that I don't even know what part is the "header."  Below is what I received.

 

Delivered-To: [log in to unmask]
Received: by 10.157.12.155 with SMTP id b27csp265855otb;
        Thu, 9 Feb 2017 05:36:05 -0800 (PST)
X-Received: by 10.129.118.77 with SMTP id j13mr2242697ywk.270.1486647365266;
        Thu, 09 Feb 2017 05:36:05 -0800 (PST)
Return-Path: <[log in to unmask]>
Received: from mail-yw0-x244.google.com (mail-yw0-x244.google.com. [2607:f8b0:4002:c05::244])
        by mx.google.com with ESMTPS id p193si504832ybg.263.2017.02.09.05.36.05
        for <[log in to unmask]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 09 Feb 2017 05:36:05 -0800 (PST)
Received-SPF: neutral (google.com: 2607:f8b0:4002:c05::244 is neither permitted nor denied by best guess record for domain of [log in to unmask]) client-ip=2607:f8b0:4002:c05::244;
--

Larry Dougher
CIO
Windsor Southeast SU

-----------------------------------------------------------------------

Search the SCHOOL-IT Archive

Manage your Subscription to SCHOOL-IT