Their MX record (the servers that people will contact to send them email) points just to straight up O365/EOP, which is dogshit for protection. Their other DNS records for email authentication are also quite telling. The one which says which IPs are allowed to send email on their behalf is fuckoed. The one that is designed to gather information about who is sending on their behalf and (the way it is currently configured) send unauthorised email to the junk/spam folder shows that they are trying to implement domain spoofing protection by themselves (which always ends in tears). And anyway, sending that stuff to junk is pointless, as users can still access it.
Tl;dr - this could very easily have been an email compromise. But of course this is conjecture.
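The three records the comment describes (MX, SPF, DMARC) can be reviewed offline once their text is in hand. The following is an added example, not part of the original comment: the records are constructed for the placeholder domain example.com, and because the comment does not say what is wrong with the SPF record, the SPF checks shown are common defects chosen as assumptions.

```python
EOP_SUFFIX = ".mail.protection.outlook.com"
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}  # each costs a DNS lookup (RFC 7208 caps at 10)

# Constructed sample records for example.com; not the domain discussed in the comment.
SAMPLE = {
    "mx": ["example-com.mail.protection.outlook.com."],
    "spf": "v=spf1 include:spf.protection.outlook.com ip4:203.0.113.0/24 ?all",
    "dmarc": "v=DMARC1; p=quarantine; pct=50; rua=mailto:dmarc-reports@example.com",
}

def parse_tags(txt):
    """Split a DMARC TXT record into a {tag: value} dict."""
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(txt):
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["spf: not a valid v=spf1 record"]
    out = []
    # Strip the qualifier and any ":domain" or "/cidr" suffix to get the mechanism name.
    names = [t.lstrip("+-~?").split(":")[0].split("/")[0] for t in terms[1:]]
    if sum(n in LOOKUP_TERMS or n.startswith("redirect=") for n in names) > 10:
        out.append("spf: over the 10-lookup limit")
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls and not any(n.startswith("redirect=") for n in names):
        out.append("spf: no 'all' mechanism")
    elif alls and alls[0][0] not in "-~":  # bare, '+' or '?' qualifier
        out.append("spf: 'all' does not fail unlisted senders")
    return out

def audit_dmarc(txt):
    tags = parse_tags(txt)
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return ["dmarc: not a valid DMARC1 record"]
    out = []
    if tags["p"].lower() == "none":
        out.append("dmarc: p=none, monitoring only")
    elif tags["p"].lower() == "quarantine":
        out.append("dmarc: p=quarantine, failing mail still reaches the junk folder")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        out.append("dmarc: pct below 100, policy applies to a sample only")
    if "rua" not in tags:
        out.append("dmarc: no rua, no aggregate reports")
    return out

def audit(records):
    mx = [h.lower().rstrip(".") for h in records["mx"]]
    out = ["mx: mail goes straight to EOP"] if mx and all(h.endswith(EOP_SUFFIX) for h in mx) else []
    return out + audit_spf(records["spf"]) + audit_dmarc(records["dmarc"])
```

To run it against a real domain, replace `SAMPLE` with the output of your own MX and TXT lookups (the DMARC record lives at the `_dmarc` subdomain).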