I get an email apparently sent from my own address. For example, my address is, let's say, george@george.net. The email as shown in the headers is as follows: (sparing you the men's health html content....)
____________________________________
X-Apparently-To: george@george.net via 217.146.188.205; Thu, 05 Mar 2009 03:09:34 +0000
X-YahooFilteredBulk: 89.255.66.166
X-YMailISG: 2SY32MQWLDseQtPq.viRb0HoD8citXfwb5yU.qQraFBDXDSdpqZYN3SwTpk2iqGxKbNzyJRIqyYInXz.PZigNBPBknbacSefTzLimGCItZrnjtmFQaaOfgZNXdcMWqDHKjumsKzHWpo8wDBn0BQrSqXXEBxy41e9PkcAi3StSZXQ5lU87DuIa4i_lxae6ynbT2_mj5nNPclFaR6tpR569bOJeJ7Y1eLll0nhygykKIG6bEfLNpfT9DBFkvrU7eOPmUFf5PGJ2DYy9z9yaX0jQSHomZcRBr3HaPmdJPgShRnlwaq_SzZMzh.RtEraDzH_Lfg2W3oR
X-Originating-IP: [89.255.66.166]
Authentication-Results: mta129.mail.ukl.yahoo.com from=; domainkeys=neutral (no sig); from=; dkim=neutral (no sig)
Received: from 89.255.66.166 (HELO amerblind.outbound.ed10.com) (89.255.66.166) by mta129.mail.ukl.yahoo.com with SMTP; Thu, 05 Mar 2009 03:09:32 +0000
X-Message-Status: n:0
X-SID-PRA:george@george.net
X-SID-Result: Pass
Date: Thu, 5 Mar 2009 06:09:25 +0300 (EST)
From: Allan Carver george@george.net
To: george@george.net
Subject: RE: USA Menshealth(Thu, 5 Mar 2009 06:09:25 +0300)
Mime-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Status: R
X-Status: NC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:
________________________________
Is this just innocent spam, or has the account been compromised?
2009/3/5 Peter Alcibiades palcibiades-first@yahoo.co.uk:
I get an email apparently sent from my own address. For example, my address is, let's say, george@george.net. The email as shown in the headers is as follows: (sparing you the men's health html content....)
-- SNIP --
Is this just innocent spam, or has the account been compromised?
It is most likely that your email address has been harvested from a website somewhere (mailing list archives, etc) and is being spoofed to send out spam [0]. It is quite unlikely that the account has been compromised.
Thanks,
David
[0] - http://en.wikipedia.org/wiki/Spoof_Email
On Thu, 2009-03-05 at 09:01 +0000, Peter Alcibiades wrote:
Received: from 89.255.66.166 (HELO amerblind.outbound.ed10.com)
Looking this IP address up gives:
Non-authoritative answer: 166.66.255.89.in-addr.arpa name = obl66.66.255.89.in-addr.arpa.
Doing the same for the alleged source:
Non-authoritative answer: Name: amerblind.outbound.ed10.com Address: 209.202.164.111 ... [other similar 208/209 addresses]
Thus it appears that this email has been sent from a dynamic address pool (obl66...) which does not match the claimed sender machine, and I would conclude that it's plain ol' spam from a zombie machine that perhaps Yahoo could be filtering out.
P
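The lookup comparison described in the message above, as an added example that is not part of the original thread: it parses the trusted Received hop and the Authentication-Results header from the quoted message and flags the same mismatch. The DNS answers are the ones reported in the thread, embedded so it runs offline; the finding labels and the "generic-ptr" heuristic are assumptions of this example.

```python
import re
from email import message_from_string

# Two headers from the message quoted in this thread. Only the Received line
# written by your own provider's MTA (the topmost one) can be trusted.
RAW = (
    "Authentication-Results: mta129.mail.ukl.yahoo.com from=; "
    "domainkeys=neutral (no sig); from=; dkim=neutral (no sig)\n"
    "Received: from 89.255.66.166 (HELO amerblind.outbound.ed10.com) "
    "(89.255.66.166) by mta129.mail.ukl.yahoo.com with SMTP; "
    "Thu, 05 Mar 2009 03:09:32 +0000\n\n"
)
# DNS answers as reported in the thread, embedded so the check runs offline.
A_RECORDS = {"amerblind.outbound.ed10.com": {"209.202.164.111"}}
PTR_RECORDS = {"89.255.66.166": "obl66.66.255.89.in-addr.arpa"}

HOP_RE = re.compile(r"from\s+\S+\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+"
                    r"\((?P<ip>[0-9.]+)\)\s+by\s+(?P<by>\S+)", re.I)

def parse_received(value):
    """Extract claimed HELO name, connecting IP and receiving MTA."""
    m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
    return m.groupdict() if m else None

def auth_results(value):
    """Map each method in Authentication-Results to its verdict."""
    pairs = re.findall(r"\b(dkim|domainkeys|spf)=(\w+)", value, re.I)
    return {k.lower(): v.lower() for k, v in pairs}

def assess(raw, resolve_a, resolve_ptr):
    """Return a list of findings for the topmost (trusted) hop."""
    msg = message_from_string(raw)
    hop = parse_received((msg.get_all("Received") or [""])[0])
    if hop is None:
        return ["unparsed-received"]
    findings = []
    if hop["ip"] not in resolve_a(hop["helo"]):
        findings.append("helo-mismatch")   # claimed name does not own the IP
    ptr = resolve_ptr(hop["ip"])
    if ptr is None or ptr.endswith(".in-addr.arpa"):
        findings.append("generic-ptr")     # heuristic: no real hostname
    if "pass" not in auth_results(msg.get("Authentication-Results", "")).values():
        findings.append("no-auth-pass")    # nothing vouches for the From domain
    return findings

if __name__ == "__main__":
    print(assess(RAW, lambda n: A_RECORDS.get(n, set()), PTR_RECORDS.get))
```

For live mail, the two resolver arguments can wrap `socket.gethostbyname_ex` and `socket.gethostbyaddr` instead of the embedded tables.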
On Thu, 2009-03-05 at 09:01 +0000, Peter Alcibiades wrote:
I get an email apparently sent from my own address. For example, my address is, let's say, george@george.net. The email as shown in the headers is as follows: (sparing you the men's health html content....)
I have had a few of these too.
Some spam filters have a whitelist of "trusted" addresses and any e-mail received from one of these addresses is assumed not to be spam without doing the other checks. I suspect the sender is hoping your own address will be on that whitelist.
With standard Internet e-mail anyone (who knows how) can send e-mail apparently from any address. Only by tracing the route by which it was delivered can one determine if it is likely to have come from the person who claims to have sent it.
Regards, Steve.
The message 1236259880.3143.34.camel@ecrins.fosdick.home.net from Steve Fosdick lists@pelvoux.nildram.co.uk contains these words:
On Thu, 2009-03-05 at 09:01 +0000, Peter Alcibiades wrote:
I get an email apparently sent from my own address. For example, my address is, let's say, george@george.net. The email as shown in the headers is as follows: (sparing you the men's health html content....)
I have had a few of these too.
Some spam filters have a whitelist of "trusted" addresses and any e-mail received from one of these addresses is assumed not to be spam without doing the other checks. I suspect the sender is hoping your own address will be on that whitelist.
With standard Internet e-mail anyone (who knows how) can send e-mail apparently from any address. Only by tracing the route by which it was delivered can one determine if it is likely to have come from the person who claims to have sent it.
And with malice, it can become a Joe-job...