Author |
Message |
Noahflintstone
Not quite a Newb
Joined: 21 Jan 2010
Posts: 21
|
Posted:
Tue Jan 26, 2010 4:12 pm |
|
I received some spam from my own work email address today about viagra. Does this mean my account has been hacked? What are the chances that the same email was sent to anybody else using my account? I traced the email and it came from my account but IP in Bangkok.
Bit concerned people are receiving viagra spam from my email and I don't want to be known for that |
|
|
|
|
Bankster
Baiting Guru
Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.
|
Posted:
Tue Jan 26, 2010 4:27 pm |
|
There's probably not much you can do about somebody using your e-mail address. One can put pretty much anything they please in the From: field. That doesn't necessarily mean your account has been hacked (much like I can send a letter in your name without having access to the mailbox in front of your house).
There are some tools around to verify the sender of an e-mail (SPF, DomainKeys), but not all providers use these.
Can you post the message headers? They'll tell you where the viagra mail actually came from. |
_________________ Whoever said you can't touch happiness has never petted a dog.
|
|
|
thud419
Baiting Guru
Joined: 04 Jan 2006
Posts: 3193
|
Posted:
Tue Jan 26, 2010 4:29 pm |
|
It is highly likely that your email address was just used for the "From" address in the email. The spammer doesn't need to hack you to do that, just use a mass-mailer that isn't choosy about how it constructs the mail. Since it's a work address, I assume that it wouldn't be accessible from Bangkok, like Hotmail or Yahoo would be. You can be absolutely certain if you follow the "Received" headers in the email, but even without seeing them, it's almost definite that you have nothing to worry about.
...Except receiving all the bounce messages for the entire spam run, which is possible. If you get those, then you may well get on spam black-lists, and receive nasty emails from ill-informed people who think you sent the message. |
_________________ Click here to feel warm and cozy.
I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Barr. Cole
|
|
|
r2d2
Master of Master Baiters
Joined: 19 Apr 2009
Posts: 796
Location: in a galaxy far far away
|
Posted:
Tue Jan 26, 2010 4:30 pm |
|
i think it is possible to make an email seem to be sent by a certain email address,
without it actually being sent by that address.
however, only a human recipient will be fooled - the headers contain the unambiguous truth.
i doubt you have cause for concern, but please post them so the experts can take a look. |
_________________
Climate Change for Dummies
Climate Sceptic Myths Debunked |
|
|
|
Noahflintstone
Not quite a Newb
Joined: 21 Jan 2010
Posts: 21
|
Posted:
Tue Jan 26, 2010 4:33 pm |
|
To do that would give away my real identity
My email address contains my full name
I did use http://www.ip-adress.com/trace_email/ to check; it says it was sent from my email but address in Bangkok, never even been there before
Unless I'm having a 'fight club' moment |
|
|
|
|
Bankster
Baiting Guru
Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.
|
Posted:
Tue Jan 26, 2010 4:42 pm |
|
Quote: |
Unless I'm having a 'fight club' moment |
You should keep that theory in mind in case it turns out the sender was actually you.
Besides that, your e-mail address appears to have been used as a fake sender address by spammers, which is annoying but not much to worry about. Happens to me all the time, if that's of any comfort. |
|
|
|
r2d2
Master of Master Baiters
Joined: 19 Apr 2009
Posts: 796
Location: in a galaxy far far away
|
Posted:
Tue Jan 26, 2010 4:43 pm |
|
by all means edit out your name and anything before an '@'
if the from: field has been spoofed, the headers will contain extra lines that an expert can easily identify as being faked - that's why i suggested posting headers. |
|
|
|
Noahflintstone
Not quite a Newb
Joined: 21 Jan 2010
Posts: 21
|
Posted:
Tue Jan 26, 2010 4:49 pm |
|
Well without my name in it appears as:
Delivered-To: [email protected]
Received: by 10.213.109.4 with SMTP id h4cs132503ebp;
        Tue, 26 Jan 2010 00:02:02 -0800 (PST)
Received: by 10.141.213.29 with SMTP id p29mr5462516rvq.103.1264492920974;
        Tue, 26 Jan 2010 00:02:00 -0800 (PST)
Return-Path: <[email protected]>
Received: from ppp-58-9-201-67.revip2.asianet.co.th (ppp-58-9-201-67.revip2.asianet.co.th [58.9.201.67])
        by mx.google.com with SMTP id 8si8638293pxi.19.2010.01.26.00.01.27;
        Tue, 26 Jan 2010 00:02:00 -0800 (PST)
Received-SPF: neutral (google.com: 58.9.201.67 is neither permitted nor denied by domain of [email protected]) client-ip=58.9.201.67;
Authentication-Results: mx.google.com; spf=neutral (google.com: 58.9.201.67 is neither permitted nor denied by domain of [email protected]) [email protected]
Date: Tue, 26 Jan 2010 00:02:00 -0800 (PST)
X-Originating-IP: [51.140.495.2]
X-Originating-Email: [[email protected]]
X-Sender: [email protected]
Return-Path: [email protected]
Message-Id: <233d01ca9e98$73928440$43c9093a@house>
From: � VIAGRA � Official Site <[email protected]>
To: [email protected]
Subject: For decorating ViP ID 95030
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit |
|
|
|
|
auguste
Master Baiter
Joined: 30 Nov 2009
Posts: 175
Location: yes, how did you know ?
|
Posted:
Tue Jan 26, 2010 4:56 pm |
|
I think this is just a trick viagra sellers use to get past the spam filter. Most of the filters will have yourself as trusted sender. Therefore the mail will end up in your inbox and not your spam guard / filter. |
_________________ My post count has nothing to do with how much I know on any given subject. We are all still learning on the game that is life.
Let's be honest, I know nothing, I google everything.
This followed me home, honestly. I had nothing to do with the sudden closing down of the account. Alan did it. |
|
|
|
thud419
Baiting Guru
Joined: 04 Jan 2006
Posts: 3193
|
Posted:
Tue Jan 26, 2010 5:34 pm |
|
It's impossible to tell for sure from those headers, but it seems that the mail may have been sent by SMTP using your account... or it may not. I would expect to see another Received line in there where the message was picked up and forwarded to Google, but I don't see anything except Google picking it up. The X-Original-IP is different, but it might have been added by the spammer, so it isn't reliable. My guess is that it was passed on by a non-compliant email server, but there is no evidence of that.
Just to be sure, you should change your password and check your profile hasn't been changed (like the secondary mail address where password reminders are sent). But you shouldn't get too paranoid. |
|
|
|
Bankster
Baiting Guru
Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.
|
Posted:
Tue Jan 26, 2010 6:27 pm |
|
Aw man, now that I see the headers it's obvious. Setting sender = recipient is a popular trick among spammers, as it'll get the mail through some spam filters and increase the message's chances of getting your attention (which seems to work well in this case).
Your Received: headers tell me that the mail was sent by ppp-58-9-201-67.revip2.asianet.co.th [58.9.201.67] directly to mx.google.com. From there it was passed on to different servers within Google's private network (the IP addresses beginning with 10.).
The lack of a DomainKeys header and the SPF=neutral rating mean that the message was not originally sent by a GMail server.
In other words, the message was sent from somewhere in Thailand without accessing your account or any other Google service besides the server that accepts incoming mail for your account. The real-life equivalent would be somebody personally dropping a letter in your mailbox that has your address as both the sender and the recipient. Nothing to worry about. |
|
|
|
|
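The header reading in the last post, as an added example that is not part of the thread: it walks the posted Received chain newest-first, stops at the first public peer logged by the receiver's own servers, and reports the SPF verdict. The function names, the user@example.com placeholder and the rule that private IPs and hosts under google.com count as the receiver's own are assumptions of this sketch.

```python
import ipaddress
import re
from email import message_from_string

# Received chain as posted in the thread (trimmed). user@example.com is a
# placeholder assumed here for the addresses the poster redacted.
RAW = """\
Received: by 10.213.109.4 with SMTP id h4cs132503ebp;
 Tue, 26 Jan 2010 00:02:02 -0800 (PST)
Received: by 10.141.213.29 with SMTP id p29mr5462516rvq.103.1264492920974;
 Tue, 26 Jan 2010 00:02:00 -0800 (PST)
Received: from ppp-58-9-201-67.revip2.asianet.co.th (ppp-58-9-201-67.revip2.asianet.co.th [58.9.201.67])
 by mx.google.com with SMTP id 8si8638293pxi.19.2010.01.26.00.01.27;
 Tue, 26 Jan 2010 00:02:00 -0800 (PST)
Received-SPF: neutral (google.com: 58.9.201.67 is neither permitted nor denied by domain of user@example.com) client-ip=58.9.201.67;
X-Originating-IP: [51.140.495.2]
From: VIAGRA Official Site <user@example.com>
"""

def parse_ip(text):
    try:
        return ipaddress.ip_address(text.strip("[] "))
    except ValueError:
        return None  # not a valid address at all

def internal(host, domain):
    # Assumption: private IPs and hosts under `domain` are the receiver's own.
    ip = parse_ip(host)
    return ip.is_private if ip is not None else host == domain or host.endswith("." + domain)

def border_hop(msg, domain="google.com"):
    """Walk Received headers newest-first through the receiver's own servers;
    return (peer_ip, by_host) for the first public peer they logged."""
    for value in msg.get_all("Received", []):   # newest header comes first
        flat = " ".join(value.split())           # unfold continuation lines
        by = re.search(r"\bby (\S+)", flat)
        if not by or not internal(by.group(1), domain):
            return None                          # stamped by someone else
        peer = re.search(r"\[([0-9.]+)\]", flat)
        ip = parse_ip(peer.group(1)) if peer else None
        if ip is not None and not ip.is_private:
            return str(ip), by.group(1)          # older headers are unverified
    return None

def summary(raw=RAW):
    msg = message_from_string(raw)
    spf = (msg.get("Received-SPF") or "none").split()[0].lower()
    claimed = parse_ip(msg.get("X-Originating-IP", ""))
    return {"border": border_hop(msg), "spf": spf, "x_originating_ip_valid": claimed is not None}
```

Because the walk returns at the first public peer, any Received line a sender forges below that hop never changes the result, and the posted X-Originating-IP does not even parse as an IPv4 address.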