SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Someone sent me spam from my own email address

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
Noahflintstone
Not quite a Newb


Joined: 21 Jan 2010
Posts: 21


PostPosted: Tue Jan 26, 2010 4:12 pm Reply with quoteBack to top

I recieved some spam from my own work email address today about viagra, Does this mean my account has been hacked? What are the chances that the same email was sent to any body else using my account? I traced the email and it came from my account but IP in bangkok.

Bit concerned people are recieving viagra spam from my email and I don't want to be known for that Very Happy
View user's profileSend private message
Bankster
Lab Rat


Joined: 22 Jun 2007
Posts: 2238
Location: Gone for a while.


PostPosted: Tue Jan 26, 2010 4:27 pm Reply with quoteBack to top

There's probably not much you can do about somebody using your e-mail address. One can put pretty much anything they please in the From: field. That doesn't necessarily mean your account has been hacked (much like I can send a letter in your name without having access to the mailbox in front of your house).

There are some tools around to verify the sender of an e-mail (SPF, DomainKeys), but not all providers use these.

Can you post the message headers? They'll tell you where the viagra mail actually came from.

_________________
Whoever said you can't touch happiness has never petted a dog.

Elite Ninja Team Member Easter Egg 2012 Goat Golden Goat Purple Flower Penguin
(United States United Kingdom Benin China Nigeria) x10 __ x?
View user's profileSend private messageSkype Name
thud419
Baiting Guru


Joined: 04 Jan 2006
Posts: 3194


PostPosted: Tue Jan 26, 2010 4:29 pm Reply with quoteBack to top

It is highly likely that your email address was just used for the "From" address in the email. The spammer doesn't need to hack you to do that, just use a mass-mailer that isn't choosy about how it constructs the mail. Since it's a work address, I assume that it wouldn't be accessible from Bangkok, like Hotmail or Yahoo would be. You can be absolutely certain if you follow the "Received" headers in the email, but even without seeing them, it's almost definite that you have nothing to worry about.

...Except receiving all the bounce messages for the entire spam run, which is possible. If you get those, then you may well get on spam black-lists, and receive nasty emails from ill-informed people who think you sent the message.

_________________
Click here to feel warm and cozy.

I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Sand Timer Barr. Cole
Cellphone x14
United States x 0.25 won from Reaper in a sucker's bet

Hello Kitty! pony Mortar x8 Closed lad accounts x several
View user's profileSend private messageSend e-mailVisit poster's website
r2d2
Master of Master Baiters


Joined: 19 Apr 2009
Posts: 796
Location: in a galaxy far far away


PostPosted: Tue Jan 26, 2010 4:30 pm Reply with quoteBack to top

i think it is possible to make an email seem to be sent by a certain email address,
without it actually being sent by that address.
however, only a human recipient will be fooled - the headers contain the unambiguous truth.
i doubt you have cause for concern, but please post them so the experts can take a look.

_________________
United Kingdom Closed lad accounts x4
Climate Change for Dummies
Climate Sceptic Myths Debunked
View user's profileSend private messageSend e-mail
Noahflintstone
Not quite a Newb


Joined: 21 Jan 2010
Posts: 21


PostPosted: Tue Jan 26, 2010 4:33 pm Reply with quoteBack to top

To do that would give away my real identity Laughing

My email address contains my full name

I did use http://www.ip-adress.com/trace_email/ to check it says it was sent from my email but address in Bankok, never even been there before Shocked

Unless I'm having a 'fight club' moment Very Happy
View user's profileSend private message
Bankster
Lab Rat


Joined: 22 Jun 2007
Posts: 2238
Location: Gone for a while.


PostPosted: Tue Jan 26, 2010 4:42 pm Reply with quoteBack to top

Quote:
Unless I'm having a 'fight club' moment

You should keep that theory in mind in case it turns out the sender was actually you.

Besides that, your e-mail address appears to have been used as a fake sender address by spammers, which is annoying but not much to worry about. Happens to me all the time, if that's of any comfort. Smile

_________________
Whoever said you can't touch happiness has never petted a dog.

Elite Ninja Team Member Easter Egg 2012 Goat Golden Goat Purple Flower Penguin
(United States United Kingdom Benin China Nigeria) x10 __ x?
View user's profileSend private messageSkype Name
r2d2
Master of Master Baiters


Joined: 19 Apr 2009
Posts: 796
Location: in a galaxy far far away


PostPosted: Tue Jan 26, 2010 4:43 pm Reply with quoteBack to top

by all means edit out your name and anything before an '@' Smile

if the from: field has been spoofed, the headers will contain extra lines that an expert can easily identify as being faked - that's why i suggested posting headers.

_________________
United Kingdom Closed lad accounts x4
Climate Change for Dummies
Climate Sceptic Myths Debunked
View user's profileSend private messageSend e-mail
Noahflintstone
Not quite a Newb


Joined: 21 Jan 2010
Posts: 21


PostPosted: Tue Jan 26, 2010 4:49 pm Reply with quoteBack to top

Well without my name in it appears as:

Delivered-To: [email protected]
Received: by 10.213.109.4 with SMTP id h4cs132503ebp;
Tue, 26 Jan 2010 00:02:02 -0800 (PST)
Received: by 10.141.213.29 with SMTP id p29mr5462516rvq.103.1264492920974;
Tue, 26 Jan 2010 00:02:00 -0800 (PST)
Return-Path: <[email protected]>
Received: from ppp-58-9-201-67.revip2.asianet.co.th (ppp-58-9-201-67.revip2.asianet.co.th [58.9.201.67])
by mx.google.com with SMTP id 8si8638293pxi.19.2010.01.26.00.01.27;
Tue, 26 Jan 2010 00:02:00 -0800 (PST)
Received-SPF: neutral (google.com: 58.9.201.67 is neither permitted nor denied by domain of [email protected]) client-ip=58.9.201.67;
Authentication-Results: mx.google.com; spf=neutral (google.com: 58.9.201.67 is neither permitted nor denied by domain of [email protected]) [email protected]
Date: Tue, 26 Jan 2010 00:02:00 -0800 (PST)
X-Originating-IP: [51.140.495.2]
X-Originating-Email: [[email protected]]
X-Sender: [email protected]
Return-Path: [email protected]
Message-Id: <[email protected]>
From: � VIAGRA � Official Site <[email protected]>
To: [email protected]
Subject: For decorating ViP ID 95030
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
View user's profileSend private message
auguste
Master Baiter


Joined: 30 Nov 2009
Posts: 175
Location: yes, how did you know ?


PostPosted: Tue Jan 26, 2010 4:56 pm Reply with quoteBack to top

I think this is just a trick viagra sellers use to get past the spam filter. Most of the filters will have yourself as trusted sender. Therefor the mail will end up in your inbox and not your spam guard / filter.

_________________
My post count has nothing to do with how much i know on any given subject. We are all still learning on the game that is life.
Lets be honest , i know nothing , i google evrything.
This Closed lad accounts followed me home, honestly. I had nothing to do with the sudden closing down of the account. Alan did it.
View user's profileSend private message
thud419
Baiting Guru


Joined: 04 Jan 2006
Posts: 3194


PostPosted: Tue Jan 26, 2010 5:34 pm Reply with quoteBack to top

It's impossible to tell for sure from those headers, but it seems that the mail may have been sent by SMTP using your account... or it may not. I would expect to see another Received line in there where the message was picked up and forwarded to Google, but I don't see anything except Google picking it up. The X-Original-IP is different, but it might have been added by the spammer, so it isn't reliable. My guess is that it was passed on by a non-compliant email server, but there is no evidence of that.

Just to be sure you should change your password and check your profile hasn't been changed (like the secondary mail address where password reminders are sent.)But you shouldn't get too paranoid.

_________________
Click here to feel warm and cozy.

I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Sand Timer Barr. Cole
Cellphone x14
United States x 0.25 won from Reaper in a sucker's bet

Hello Kitty! pony Mortar x8 Closed lad accounts x several
View user's profileSend private messageSend e-mailVisit poster's website
Bankster
Lab Rat


Joined: 22 Jun 2007
Posts: 2238
Location: Gone for a while.


PostPosted: Tue Jan 26, 2010 6:27 pm Reply with quoteBack to top

Aw man, now that I see the headers it's obvious. Setting sender = recipient is a popular trick among spammers, as it'll get the mail through some spam filters and increase the message's chances of getting your attention (which seems to work well in this case Very Happy ).

Your Received: headers tell me that the mail was sent by ppp-58-9-201-67.revip2.asianet.co.th [58.9.201.67] directly to mx.google.com. From there it was passed on to different servers within Google's private network (the IP addresses beginning with 10.).
The lack of a DomainKeys header and the SPF=neutral rating mean that the message was not originally sent by a GMail server.

In other words, the message was sent from somewhere in Thailand without accessing your account or any other Google service besides the server that accepts incoming mail for your account. The real-life equivalent would be somebody personally dropping a letter in your mailbox that has your address as both the sender and the recipient. Nothing to worry about.

_________________
Whoever said you can't touch happiness has never petted a dog.

Elite Ninja Team Member Easter Egg 2012 Goat Golden Goat Purple Flower Penguin
(United States United Kingdom Benin China Nigeria) x10 __ x?
View user's profileSend private messageSkype Name
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



E-Mail Header Analysis


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT