spoofing?

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Posted: Mon Nov 24, 2008 9:34 am

I just have received this email. Now I want to know how he could manage to send that mail obviously from an US Army server. Is it Spoofing or hacking?

Quote:

von JERRY HUNTERS <[email protected]>

Antwort an [email protected]

an [email protected]

Datum 24. November 2008 09:50

Betreff GOOD DAY,PLEASE CONSIDER THIS

Details ausblenden 09:50 (Vor 40 Minuten)

Antworten

FROM:
SGT.JERRY HUNTERS
FORMERLY US MILITARY SERVICE
IN IRAQ.

Dear Friend,

Greetings,
I know you would be surprised to read from someone relatively unknown to you before now. My name is Jerry Hunters, a master sgt. of The U.S. Army, deployed to Iraq in the beginning of the war in 2003.I would like to share some highly personal classified information about my personal experience and role which I played in the pursuit of my career serving under the U.S ARMY which was at the fore-front of the war in Iraq.

For the fact that the tension has reduced drastically,however, I would like to hold back certain information for security reasons for now until you have found time to visit the BBC website stated below to enable you have insight regarding what I intend to share with you, believing that it would be of your desired interest in one way or the other. Here is a BBC news listing that confirms what I share with you.

http://news.bbc.co.uk/2/hi/middle_east/2988455.stm

Also, could you please get back to me having visited the above website to enable us discuss in a more vivid manner to the best of your understanding? I must say that I'm very uncomfortable sending this message to you without knowing truly if you would misconstrue the importance and decide to go public.

In this regards, I will not hold back to say that the essence of this letter is strictly for mutual benefit of you and I and nothing more. I will be more vivid and coherent in my next email in this regards. Meanwhile, could you send me a mail confirming you have visited the site and understood my intentions? Standing by for your response on [email protected].

Warm regards,
Sgt.Jerry Hunter

any ideas or suggestions please ?

here is the full header:

Quote:

Delivered-To: [email protected]
Received: by 10.187.222.20 with SMTP id z20cs457433faq;
Mon, 24 Nov 2008 00:51:00 -0800 (PST)
Received: by 10.151.9.1 with SMTP id m1mr6705310ybi.51.1227516658619;
Mon, 24 Nov 2008 00:50:58 -0800 (PST)
Return-Path: <[email protected]>
Received: from mta238.mail.re2.yahoo.com (mta238.mail.re2.yahoo.com [206.190.53.238])
by mx.google.com with SMTP id 3si5062762gxk.26.2008.11.24.00.50.58;
Mon, 24 Nov 2008 00:50:58 -0800 (PST)
Received-SPF: neutral (google.com: 206.190.53.238 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=206.190.53.238;
Authentication-Results: mx.google.com; spf=neutral (google.com: 206.190.53.238 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Return-Path: <[email protected]>
X-RocketTIP: 194.112.32.65: NO_TIP_HEADER_ALLOWED
X-RocketSRV: s_ip=194.112.32.65;d_t=1227516657;url=bbc.co.uk,http://news.bbc.co.uk/2/hi/middle_east/2988455.stm,live.com,mailto:[email protected];Retro=Y;SgrnP=N
X-Rocket-Spam: 194.112.32.65
X-YahooFilteredBulk: 194.112.32.65
X-Rocket-Track: cat=BK; info=ip:BK<ip=194.112.32.65,policy=g-w0,n0,g100,s_s,wgn=g-w0,n10,g90,rep=g-w0,n0,g100>;ipsh:UK<ip=194.112.32.65,policy=P=-1,X=-1,S=-1>;url2db:GD<url=bbc.co.uk>
X-YMailISG: SOywsJsWLDt4907JLQ67hsfSTPnb0InFwLPMYsiKGhULctGwJw...l
X-Originating-IP: [194.112.32.65]
Authentication-Results: mta238.mail.re2.yahoo.com from=iraq.us.army.mil; domainkeys=neutral (no sig)
Received: from 194.112.32.65 (EHLO mailhost1.dircon.co.uk) (194.112.32.65)
by mta238.mail.re2.yahoo.com with SMTP; Mon, 24 Nov 2008 00:50:57 -0800
Received: from w02.web.dircon.net (w02.web.dircon.net [195.157.68.1])
by mailhost1.dircon.co.uk (Postfix) with ESMTP id 012D016E7AE
for <[email protected]>; Mon, 24 Nov 2008 08:50:54 +0000 (GMT)
Received: (from nobody@localhost)
by w02.web.dircon.net (8.9.3+Sun/8.9.3) id IAA27476;
Mon, 24 Nov 2008 08:50:53 GMT
Date: Mon, 24 Nov 2008 08:50:53 GMT
Message-Id: <[email protected]>
To: [email protected]
Subject: GOOD DAY,PLEASE CONSIDER THIS
From: JERRY HUNTERS <[email protected]>
Reply-To: [email protected]
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

Posted: Mon Nov 24, 2008 10:00 am

A quick DNS-query suggests that a server with that name doesn't even exist.

Quote:

host iraq.us.army.mil
Host iraq.us.army.mil not found: 3(NXDOMAIN)

Either way, even if this would point to a real mail-server, I'd say spoofing for two reasons:

Spoofing is a lot easier than hacking
One should imagine that the US Army should have people capable of securing a mail-server. As the NSA develops SELinux, a security extension for the already pretty secure Linux, I am quite sure that this also is used on US Army servers. Thus making a hostile take-over even harder.
That a US Army server is configured to allow relaying also seems quite unlikely. As said, one should think that they have capable people there taking care of their IT. If not, I'd take the job.
Anybody stupid enough to hack a US Army server would surely find themselves on the list that holds all the nations, organizations and individuals who comprise the "Axis of Evil", probably right alongside Wal-Mart and IKEA...

Posted: Mon Nov 24, 2008 11:13 am

Quote:

/2988455.stm,live.com,mailto:[email protected];Retro=Y;SgrnP=N

I don't know much about SMTP but I would wager that this is the true source address.

EDIT:

Quote:

Reply-To: [email protected]

Along with that.