Someone sent me spam from my own email address

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Not quite a Newb Joined: 21 Jan 2010 Posts: 21

I recieved some spam from my own work email address today about viagra, Does this mean my account has been hacked? What are the chances that the same email was sent to any body else using my account? I traced the email and it came from my account but IP in bangkok.

Bit concerned people are recieving viagra spam from my email and I don't want to be known for that Very Happy

Posted: Tue Jan 26, 2010 4:27 pm

There's probably not much you can do about somebody using your e-mail address. One can put pretty much anything they please in the From: field. That doesn't necessarily mean your account has been hacked (much like I can send a letter in your name without having access to the mailbox in front of your house).

There are some tools around to verify the sender of an e-mail (SPF, DomainKeys), but not all providers use these.

Can you post the message headers? They'll tell you where the viagra mail actually came from.

Baiting Guru Joined: 04 Jan 2006 Posts: 3193

It is highly likely that your email address was just used for the "From" address in the email. The spammer doesn't need to hack you to do that, just use a mass-mailer that isn't choosy about how it constructs the mail. Since it's a work address, I assume that it wouldn't be accessible from Bangkok, like Hotmail or Yahoo would be. You can be absolutely certain if you follow the "Received" headers in the email, but even without seeing them, it's almost definite that you have nothing to worry about.

...Except receiving all the bounce messages for the entire spam run, which is possible. If you get those, then you may well get on spam black-lists, and receive nasty emails from ill-informed people who think you sent the message.

Posted: Tue Jan 26, 2010 4:30 pm

i think it is possible to make an email seem to be sent by a certain email address,
without it actually being sent by that address.
however, only a human recipient will be fooled - the headers contain the unambiguous truth.
i doubt you have cause for concern, but please post them so the experts can take a look.

Not quite a Newb Joined: 21 Jan 2010 Posts: 21

To do that would give away my real identity Laughing

My email address contains my full name

I did use http://www.ip-adress.com/trace_email/ to check it says it was sent from my email but address in Bankok, never even been there before Shocked

Unless I'm having a 'fight club' moment Very Happy

Posted: Tue Jan 26, 2010 4:42 pm

Quote:

Unless I'm having a 'fight club' moment

You should keep that theory in mind in case it turns out the sender was actually you.

Besides that, your e-mail address appears to have been used as a fake sender address by spammers, which is annoying but not much to worry about. Happens to me all the time, if that's of any comfort. Smile

Posted: Tue Jan 26, 2010 4:43 pm

by all means edit out your name and anything before an '@' Smile

if the from: field has been spoofed, the headers will contain extra lines that an expert can easily identify as being faked - that's why i suggested posting headers.

Not quite a Newb Joined: 21 Jan 2010 Posts: 21

Well without my name in it appears as:

Delivered-To: [email protected]
Received: by 10.213.109.4 with SMTP id h4cs132503ebp;
Tue, 26 Jan 2010 00:02:02 -0800 (PST)
Received: by 10.141.213.29 with SMTP id p29mr5462516rvq.103.1264492920974;
Tue, 26 Jan 2010 00:02:00 -0800 (PST)
Return-Path: <[email protected]>
Received: from ppp-58-9-201-67.revip2.asianet.co.th (ppp-58-9-201-67.revip2.asianet.co.th [58.9.201.67])
by mx.google.com with SMTP id 8si8638293pxi.19.2010.01.26.00.01.27;
Tue, 26 Jan 2010 00:02:00 -0800 (PST)
Received-SPF: neutral (google.com: 58.9.201.67 is neither permitted nor denied by domain of [email protected]) client-ip=58.9.201.67;
Authentication-Results: mx.google.com; spf=neutral (google.com: 58.9.201.67 is neither permitted nor denied by domain of [email protected]) [email protected]
Date: Tue, 26 Jan 2010 00:02:00 -0800 (PST)
X-Originating-IP: [51.140.495.2]
X-Originating-Email: [[email protected]]
X-Sender: [email protected]
Return-Path: [email protected]
Message-Id: <233d01ca9e98$73928440$43c9093a@house>
From: � VIAGRA � Official Site <[email protected]>
To: [email protected]
Subject: For decorating ViP ID 95030
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit

Posted: Tue Jan 26, 2010 4:56 pm

I think this is just a trick viagra sellers use to get past the spam filter. Most of the filters will have yourself as trusted sender. Therefor the mail will end up in your inbox and not your spam guard / filter.

Baiting Guru Joined: 04 Jan 2006 Posts: 3193

It's impossible to tell for sure from those headers, but it seems that the mail may have been sent by SMTP using your account... or it may not. I would expect to see another Received line in there where the message was picked up and forwarded to Google, but I don't see anything except Google picking it up. The X-Original-IP is different, but it might have been added by the spammer, so it isn't reliable. My guess is that it was passed on by a non-compliant email server, but there is no evidence of that.

Just to be sure you should change your password and check your profile hasn't been changed (like the secondary mail address where password reminders are sent.)But you shouldn't get too paranoid.

Posted: Tue Jan 26, 2010 6:27 pm

Aw man, now that I see the headers it's obvious. Setting sender = recipient is a popular trick among spammers, as it'll get the mail through some spam filters and increase the message's chances of getting your attention (which seems to work well in this case Very Happy

).

Your Received: headers tell me that the mail was sent by ppp-58-9-201-67.revip2.asianet.co.th [58.9.201.67] directly to mx.google.com. From there it was passed on to different servers within Google's private network (the IP addresses beginning with 10.).
The lack of a DomainKeys header and the SPF=neutral rating mean that the message was not originally sent by a GMail server.

In other words, the message was sent from somewhere in Thailand without accessing your account or any other Google service besides the server that accepts incoming mail for your account. The real-life equivalent would be somebody personally dropping a letter in your mailbox that has your address as both the sender and the recipient. Nothing to worry about.

Someone sent me spam from my own email address	View next topic View previous topic