question about spam and email
I get an email apparently sent from my own address. For example, my address is, let's say, george@george.net. The email as shown in the headers is as follows: (sparing you the men's health html content....)
____________________________________
X-Apparently-To: george@george.net via 217.146.188.205; Thu, 05 Mar 2009 03:09:34 +0000
X-YahooFilteredBulk: 89.255.66.166
X-YMailISG: 2SY32MQWLDseQtPq.viRb0HoD8citXfwb5yU.qQraFBDXDSdpqZYN3SwTpk2iqGxKbNzyJRIqyYInXz.PZigNBPBknbacSefTzLimGCItZrnjtmFQaaOfgZNXdcMWqDHKjumsKzHWpo8wDBn0BQrSqXXEBxy41e9PkcAi3StSZXQ5lU87DuIa4i_lxae6ynbT2_mj5nNPclFaR6tpR569bOJeJ7Y1eLll0nhygykKIG6bEfLNpfT9DBFkvrU7eOPmUFf5PGJ2DYy9z9yaX0jQSHomZcRBr3HaPmdJPgShRnlwaq_SzZMzh.RtEraDzH_Lfg2W3oR
X-Originating-IP: [89.255.66.166]
Authentication-Results: mta129.mail.ukl.yahoo.com from=; domainkeys=neutral (no sig); from=; dkim=neutral (no sig)
Received: from 89.255.66.166 (HELO amerblind.outbound.ed10.com) (89.255.66.166) by mta129.mail.ukl.yahoo.com with SMTP; Thu, 05 Mar 2009 03:09:32 +0000
X-Message-Status: n:0
X-SID-PRA:george@george.net
X-SID-Result: Pass
Date: Thu, 5 Mar 2009 06:09:25 +0300 (EST)
From: Allan Carver <george@george.net>
To: <george@george.net>
Subject: RE: USA Menshealth(Thu, 5 Mar 2009 06:09:25 +0300)
Mime-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Status: R
X-Status: NC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:
________________________________
Is this just innocent spam, or has the account been compromised?
2009/3/5 Peter Alcibiades <palcibiades-first@yahoo.co.uk>:
> I get an email apparently sent from my own address. For example, my address is, let's say, george@george.net. The email as shown in the headers is as follows: (sparing you the men's health html content....)
> -- SNIP --
> Is this just innocent spam, or has the account been compromised?
It is most likely that your email address has been harvested from a website somewhere (mailing list archives, etc) and is being spoofed to send out spam [0]. It is quite unlikely that the account has been compromised.

Thanks,
David

0 - http://en.wikipedia.org/wiki/Spoof_Email

--
David Reynolds
david@reynoldsfamily.org.uk
On Thu, 2009-03-05 at 09:01 +0000, Peter Alcibiades wrote:
> Received: from 89.255.66.166 (HELO amerblind.outbound.ed10.com)

Looking this IP address up gives:

Non-authoritative answer:
166.66.255.89.in-addr.arpa name = obl66.66.255.89.in-addr.arpa.

doing the same for the alleged source:

Non-authoritative answer:
Name: amerblind.outbound.ed10.com
Address: 209.202.164.111
... [other similar 208/209 addresses]

thus it appears that this email has been sent from a dynamic address pool (obl66...) which does not match the claimed sender machine, and I would conclude that it's plain ol' spam from a zombie machine that perhaps Yahoo could be filtering out.

P
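
The comparison made in the reply above, as an added example (not code from any poster in this thread): it parses the topmost Received header of the quoted message and checks the HELO name against the connecting IP. The FORWARD and REVERSE tables stand in for live DNS and hold only the lookup results reported above; the function name `analyse` and the regex for this Yahoo-style Received format are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the message quoted in this thread (abridged).
RAW = """\
X-Originating-IP: [89.255.66.166]
Authentication-Results: mta129.mail.ukl.yahoo.com from=; domainkeys=neutral (no sig); from=; dkim=neutral (no sig)
Received: from 89.255.66.166 (HELO amerblind.outbound.ed10.com) (89.255.66.166) by mta129.mail.ukl.yahoo.com with SMTP; Thu, 05 Mar 2009 03:09:32 +0000
From: Allan Carver <george@george.net>
To: <george@george.net>

"""

# Stand-ins for live DNS so the check runs offline (values as reported in the reply).
FORWARD = {"amerblind.outbound.ed10.com": {"209.202.164.111"}}
REVERSE = {"89.255.66.166": "obl66.66.255.89.in-addr.arpa."}

# "from <x> (HELO <claimed name>) (<connecting ip>) by ..." as written by the
# receiving MTA in the quoted message; other MTAs format this line differently.
HOP_RE = re.compile(r"from\s+\S+\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+\((?P<ip>[\d.]+)\)")


def analyse(raw, forward=FORWARD, reverse=REVERSE):
    """Compare what the sender claimed (HELO, From) with what the receiver saw."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    # Only the topmost Received line was written by the recipient's own
    # provider; anything below it can be forged by the sender.
    m = HOP_RE.search(hops[0]) if hops else None
    if m is None:
        raise ValueError("no Received header in the expected format")
    helo, ip = m.group("helo"), m.group("ip")
    ptr = reverse.get(ip)
    auth = msg.get("Authentication-Results", "")
    return {
        "helo": helo,
        "ip": ip,
        "helo_resolves_to_ip": ip in forward.get(helo, set()),
        "ptr_matches_helo": ptr is not None
        and ptr.rstrip(".").lower() == helo.lower(),
        "dkim_pass": re.search(r"\bdkim=pass\b", auth) is not None,
        "self_addressed": parseaddr(msg["From"])[1].lower()
        == parseaddr(msg["To"])[1].lower(),
    }


if __name__ == "__main__":
    for key, value in analyse(RAW).items():
        print(f"{key}: {value}")
```
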
On Thu, 2009-03-05 at 09:01 +0000, Peter Alcibiades wrote:
> I get an email apparently sent from my own address. For example, my address is, let's say, george@george.net. The email as shown in the headers is as follows: (sparing you the men's health html content....)

I have had a few of these too.

Some spam filters have a whitelist of "trusted" addresses and any e-mail received from one of these addresses is assumed not to be spam without doing the other checks. I suspect the sender is hoping your own address will be on that whitelist.

With standard Internet e-mail anyone (who knows how) can send e-mail apparently from any address. Only by tracing the route by which it was delivered can one determine if it is likely to have come from the person who claims to have sent it.

Regards,
Steve.
The message <1236259880.3143.34.camel@ecrins.fosdick.home.net> from Steve Fosdick <lists@pelvoux.nildram.co.uk> contains these words:
> On Thu, 2009-03-05 at 09:01 +0000, Peter Alcibiades wrote:
>> I get an email apparently sent from my own address. For example, my address is, let's say, george@george.net. The email as shown in the headers is as follows: (sparing you the men's health html content....)
>
> I have had a few of these too.
>
> Some spam filters have a whitelist of "trusted" addresses and any e-mail received from one of these addresses is assumed not to be spam without doing the other checks. I suspect the sender is hoping your own address will be on that whitelist.
>
> With standard Internet e-mail anyone (who knows how) can send e-mail apparently from any address. Only by tracing the route by which it was delivered can one determine if it is likely to have come from the person who claims to have sent it.

And with malice, it can become a Joe-job...

--
Tony
http://www.users.zetnet.co.uk/hi-fi/
Participants (5): David Reynolds, Peter Alcibiades, Phil Ashby, Rusty_Hinge, Steve Fosdick