Bike Forums

Bike Forums (https://www.bikeforums.net/forum.php)
-   Fifty Plus (50+) (https://www.bikeforums.net/forumdisplay.php?f=220)
-   -   OT - Tracing Spoof Email??? (https://www.bikeforums.net/showthread.php?t=659208)

DnvrFox 07-02-10 06:30 PM

OT - Tracing Spoof Email???
 
Someone hijacked Nora's email address and sent a bunch of dirty email out in mass. Not to anyone in her address book - simply to a lot of email addresses. We know, because we got about 15 mailer-daemons (spam) back with the subject, and in some cases more info.

So, they did not get into her computer. We have changed passwords. Our McAfee is up to date and current, and a scan shows no infections, etc.

Apparently, they chose her email for some reason as the "from" address. I have communicated with AOL and they assure me there is nothing wrong with her account, and the "sent" folder shows only messages she has sent.

Is there any way that one (or someone) can tell from the Mailer-Daemons and other returns who was the culprit who sent the emails??

I suspect a neighbor down the street as a result of a recent unpleasantness.

DX-MAN 07-02-10 06:34 PM

That has happened with my e-mail, as well; I changed carriers, and discovered that they just moved on to my Facebook account.

MAJOR change in access.............

Wake 07-02-10 06:55 PM

It's very difficult to trace. Basically, with the right program, you can insert any email address as the "From" person.

One of the common ways that people get email addresses is to copy those stupid "You have to see this" emails that encourage you to send it to everybody you know. The forwarding list includes dozens of emails that are easy to gather.

It's pretty harmless, unless one gets sent to her boss or something :)

Donegal 07-02-10 07:00 PM

Spoof emails
 

Originally Posted by DnvrFox (Post 11053937)
Someone hijacked Nora's email address and sent a bunch of dirty email out in mass. Not to anyone in her address book - simply to a lot of email addresses. We know, because we got about 15 mailer-daemons (spam) back with the subject, and in some cases more info.

So, they did not get into her computer. We have changed passwords. Our McAfee is up to date and current, and a scan shows no infections, etc.

Apparently, they chose her email for some reason as the "from" address. I have communicated with AOL and they assure me there is nothing wrong with her account, and the "sent" folder shows only messages she has sent.

Is there any way that one (or someone) can tell from the Mailer-Daemons and other returns who was the culprit who sent the emails??

I suspect a neighbor down the street as a result of a recent unpleasantness.

First thing I would do is get an email address that is only used for business. I made the mistake of using my main email to look at a friend's page on facebook and the B.S. began. Most all of the free social sites contain lurkers that find it funny to get into other people's business. If you visit any of those sites, get a free email address and use it. You can throw it away when you are done.

I visited My Space and Facebook one time each and have received thousands of B.S. email since. Live and Learn.

Also, if your neighbor down the street knows your wife's email address, he can use it to create these emails. Before you go down the street and stomp your neighbor, see if your wife uses the free social sites.

ModeratedUser150120149 07-03-10 01:35 AM

Denver, email addresses are very easy to get. Even from places that one would think were "safe". I recently was checking the Terms Of Service from several sites, including this one, and discovered that many in very circumspect language say that they are free to do whatever they please with your information, including your IP and email.

In one case I got an email that was, in my opinion, pretty nasty from one of my own email addresses. What was I to do? I chose to respond to anyone who is offended and otherwise ignore it.

BUT, in my case my passwords and other identifying information I use for public forums like this are not even vaguely related to any I use for any transaction that has any meaning. I'm starting to believe that not all people are as careful.

Just part of the current age I guess.

donheff 07-03-10 05:49 AM


Originally Posted by Donegal (Post 11054077)
First thing I would do is get an email address that is only used for business. I made the mistake of using my main email to look at a friend's page on facebook and the B.S. began. Most all of the free social sites contain lurkers that find it funny to get into other people's business. If you visit any of those sites, get a free email address and use it. You can throw it away when you are done.

I visited My Space and Facebook one time each and have received thousands of B.S. email since. Live and Learn.

Also, if your neighbor down the street knows your wife's email address, he can use it to create these emails. Before you go down the street and stomp your neighbor, see if your wife uses the free social sites.

I think you ran into some other problem. Either you did something else that exposed your address at about the same time you visited Facebook or you made your entire Facebook profile including your email address public which would be asking for spam. It isn't like lurkers can hang out in cyberspace and see your email address floating by when you visit Facebook.

As to an address for "business", if you mean personal business that makes sense, but if you mean commercial Internet "business" like purchases or little-used sites you need to sign up for, be careful. That can be where spammers harvest your address. That is where it can help to have a spare web-based email account that you use when (and if) you sign up for things on the Internet. I have an @excite.com address I have used for that purpose for years. That account gets tons of stuff that I am not interested in - probably 20-30 a day. I simply skim through the message subjects and delete 90% of them without a second glance. In my other accounts (personal business) the vast majority of email is stuff I expect.

cyclinfool 07-03-10 06:34 AM

DF,

Yes - just like with snail mail you can put any return address into an email with the right email program and a cooperative email server. However what most people don't know is that emails can carry a lot more information about the path they took to get to your inbox.

With Microsoft Office Outlook and other email programs you can view the email header, and in that will be information about the originating email server that sent the message out. That won't tell you who sent it, but it will tell you from what provider it was sent. In that header is also a message ID - a unique serial number for that message. If the message was sent from a reputable provider they may be able and willing to track down just where (and who) the message came from. At that point you could initiate legal action.

:geek:

JohnDThompson 07-03-10 05:22 PM

If you want to trace the true origin of an email you need to look at the message headers, specifically the "Received:" lines. Although the sender's address can be trivially forged, the "Received:" header lines are added by each machine on the internet that handles that piece of mail and thus are not under the control of the sender. IOW, they are quite difficult to forge.

These header lines are normally suppressed by your mail client software, because most of the time you are more interested in the message content than how it was delivered to you. I use Mozilla's "Thunderbird" email program; to see the message headers you use CONTROL-U or from the main menu bar "View...Message Source." I suspect other email software e.g. Microsoft's Outlook or Outlook Express has a similar method.

Once you have the message source, you look at the "Received:" lines at the top of the text. Here's one from a recent PayPal "phishing" attempt:

Return-Path: <service@paypal.com>
Received: from mailserver.eagleshoes.com.cn ([61.145.9.75])
by atuin.os2.dhs.org (8.14.4/8.13.8) with ESMTP id o5P011HR010485
for <john@os2.dhs.org>; Thu, 24 Jun 2010 19:01:07 -0500 (CDT)
(envelope-from service@paypal.com)
Received: from User ([211.241.199.209] RDNS failed) by mailserver.eagleshoes.com.cn with Microsoft SMTPSVC(6.0.3790.3959);
Fri, 25 Jun 2010 07:37:32 +0800
Reply-To: <no-reply>
From: "PayPal"<service@paypal.com>
Subject: PayPal - Please Update Your PayPal Account !
Date: Fri, 25 Jun 2010 08:27:58 +0900

The "Return-Path:" and "From:" lines are trivially forged by the sender; here they are set to imply that the message came from paypal.com. The "Received:" lines don't lie, and show the true origin. Each computer that handles the message adds its own "Received:" line above the previous one, so the last "Received:" line shows the ultimate origin of the message. Sometimes there can be quite a list of these.

In this case, the last one shows that the message was sent from someone named "User" at IP address 211.241.199.209. A whois lookup of 211.241.199.209 shows:

KRNIC is not an ISP but a National Internet Registry similar to APNIC.
The following is organization information that is using the IPv4 address.

IPv4 Address : 211.241.199.128-211.241.199.255
Network Name : KRLINE-LLINE-IM
Connect ISP Name : HINETWORKS
Connect Date : 20030619
Registration Date : 20030709
Publishes : Y

[ Organization Information ]
Organization ID : ORG280300
Org Name : IMNETPIA
Address : Seocho4-dong, Seocho-gu, Seoul
Detail Address : 1303-16Alliancheu Gangnamsaok 8Fl.
Zip Code : 135-080

[ Technical Contact Information ]
Name : Kisun Kim
Org Name : IMNETPIA
Address : Seocho4-dong, Seocho-gu, Seoul
Detail Address : 1303-16Alliancheu Gangnamsaok 8Fl.
Zip Code : 135-080
Phone : +82-2-599-5633
E-Mail : kskim@imnetpia.com

Obviously, this is *NOT* paypal.com; the IP address in question is registered to a Korean business, quite likely a small internet service provider who resells access through the block of dynamically assigned IP addresses listed. If you feel motivated, you could contact the technical person through the email address provided. If you do complain, be sure to send the entire message, including all the header lines so the system administrator has a chance to use their system logs to track down who was responsible for the message.

The message was accepted by mailserver.eagleshoes.com.cn, which in turn relayed it to my mail server "atuin.os2.dhs.org" which tossed it to my spam filter which dumped it in my Junk folder. In any case, eagleshoes.com.cn should *NOT* be running an open email relay because spammers use them to distribute their messages freely. Running a "whois" query on mailserver.eagleshoes.com.cn's IP address (61.145.9.75) gives me (among other things) an "abuse" email address I can use to complain about their open relay and encourage them to tighten up their security to prevent this type of exploitation.

HTH...
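
The header walk that cyclinfool and JohnDThompson describe can be done mechanically. The following Python script is an added example for this thread, not code from any of the posters. It uses the PayPal phishing headers quoted above as sample input and wraps them in a constructed mailer-daemon bounce (the mx.example.net / nora@example.com names are made up) because in the OP's situation the culprit's Received: lines arrive inside the returned copy of the original, not in the bounce's own headers. The script also applies a caveat a practitioner would want: a Received: line is only as trustworthy as the server that wrote it. The IP your own server recorded in the top line is a hard fact; every line beneath it was written by someone else's relay, and the bottom-most lines can be typed in by the sender just like the From: line, so the script stops trusting the chain at the first hop that does not agree with the one above it.

```python
"""Walk a message's Received: chain top-down to find where it entered the
mail system.  Added example for this thread, not code from any poster."""
import email
import re

# Sample input: the header block JohnDThompson posted above (PayPal phish).
SAMPLE_HEADERS = """\
Return-Path: <service@paypal.com>
Received: from mailserver.eagleshoes.com.cn ([61.145.9.75])
    by atuin.os2.dhs.org (8.14.4/8.13.8) with ESMTP id o5P011HR010485
    for <john@os2.dhs.org>; Thu, 24 Jun 2010 19:01:07 -0500 (CDT)
    (envelope-from service@paypal.com)
Received: from User ([211.241.199.209] RDNS failed) by mailserver.eagleshoes.com.cn with Microsoft SMTPSVC(6.0.3790.3959);
    Fri, 25 Jun 2010 07:37:32 +0800
Reply-To: <no-reply>
From: "PayPal"<service@paypal.com>
Subject: PayPal - Please Update Your PayPal Account !
Date: Fri, 25 Jun 2010 08:27:58 +0900
"""

# Constructed mailer-daemon bounce (hostnames are made up) that returns the
# original's headers, the way the OP's "mailer-daemons" would.
BOUNCE = f"""\
From: Mail Delivery System <MAILER-DAEMON@mx.example.net>
To: nora@example.com
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/rfc822-headers

{SAMPLE_HEADERS}
--b1--
"""

HOP_RE = re.compile(
    r'\bfrom\s+(?P<helo>\S+)'          # name the client announced (HELO): unverified
    r'(?:\s+\((?P<paren>[^)]*)\))?'    # e.g. "([61.145.9.75])": written by the receiver
    r'.*?\bby\s+(?P<by>\S+)')          # the server that wrote this line
IP_RE = re.compile(r'\[(\d{1,3}(?:\.\d{1,3}){3})\]')


def embedded_original(raw):
    """Pull the bounced original out of a DSN, if there is one; else None."""
    for part in email.message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype == 'message/rfc822':
            return part.get_payload()[0].as_string()
        if ctype == 'text/rfc822-headers':
            return part.get_payload(decode=True).decode('utf-8', 'replace')
    return None


def parse_hops(raw: str) -> list:
    """Received: lines in header order: index 0 was written by the server
    you trust, the last one is the hop the sender claims as the origin."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all('Received', []):
        value = ' '.join(value.split())           # unfold continuation lines
        m = HOP_RE.search(value)
        if not m:
            continue
        ip = IP_RE.search(m.group('paren') or '')
        hops.append({'helo': m.group('helo'), 'by': m.group('by'),
                     'ip': ip.group(1) if ip else None})
    return hops


def trusted_chain(hops: list, own_server: str) -> list:
    """Walk down from own_server, keeping hops only while each line's 'by'
    is the host the line above says it received from.  The first break is
    where sender-supplied (forgeable) lines begin.  This is a sanity check,
    not proof: only the top line comes from a server you control."""
    if not hops or hops[0]['by'] != own_server:
        return []
    trusted = [hops[0]]
    for prev, hop in zip(hops, hops[1:]):
        if hop['by'] != prev['helo']:
            break
        trusted.append(hop)
    return trusted


def trace(raw: str, own_server: str) -> dict:
    """Report the forgeable sender fields next to what the relays recorded."""
    original = embedded_original(raw) or raw
    msg = email.message_from_string(original)
    hops = parse_hops(original)
    trusted = trusted_chain(hops, own_server)
    origin = trusted[-1] if trusted else None
    return {
        'claimed_from': msg.get('From'),                    # trivially forged
        'return_path': msg.get('Return-Path'),              # trivially forged
        'first_hop_ip': hops[0]['ip'] if hops else None,    # logged by own_server: hard fact
        'origin_ip': origin['ip'] if origin else None,      # deepest consistent hop
        'origin_helo': origin['helo'] if origin else None,
        'hops': len(hops),
        'trusted_hops': len(trusted),
    }


if __name__ == '__main__':
    for key, val in trace(BOUNCE, 'atuin.os2.dhs.org').items():
        print(f'{key:14} {val}')
```

When you run this on a bounce, the top Received: line of the returned original was written by the recipient's server that generated the bounce, so pass that server's name as own_server (atuin.os2.dhs.org stands in for it here). The 211.241.199.209 result matches what the post found by hand, but note what the script can and cannot vouch for: 61.145.9.75 is what atuin.os2.dhs.org itself saw on the wire, while 211.241.199.209 rests on mailserver.eagleshoes.com.cn having logged its client honestly. A spammer who controls the first relay can write anything below that line, which is why the abuse complaint should go to the operator of the relay you can actually see.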

unterhausen 07-03-10 05:28 PM

Just to show how easy it is, check in your spam filter to see how many of the spams came from your own email address. I don't know if that helps get past some filters, or if it's just convenient for them.

BlazingPedals 07-03-10 06:32 PM

It used to be common for viruses to turn the victim machine into a spambot, and insert addresses found on the victim machine into the 'from' field. If that's what is happening, it could be anyone who has your wife's email address saved. They probably don't even know it's happening.

DnvrFox 07-03-10 08:29 PM

Thanks for all the feedback and suggestions. WOW!! Worse than obscene phone calls. I guess the nuts of the world will always find a way.

BengeBoy 07-03-10 08:32 PM

I just had the same problem a couple of weeks ago. I had to go in and change email passwords on our home Internet account - that seemed to stop it.

Louis 07-03-10 09:12 PM

It happened to me two years ago; ended up changing my email address. Big PITA.

Laserman 07-03-10 10:52 PM

This is actually fairly common. All emails pass through a variety of relay servers before ending up where they belong. Email hackers use "sniffer" programs to watch traffic on common relays and harvest addresses. There is a thriving black market on the "shadow net" in email lists. Most buyers use them to send bulk spam but some have programs that try and crack the passwords on various accounts then use them either for general mischief or to transmit illegal materials.
First, use a good password or actually a passphrase which includes upper and lower case letters and numbers. These are much more difficult to crack.
A password that is one or two words found in a dictionary can usually be cracked in less than a minute by programs designed for the purpose.
Second get a web based email account that has robust anti-hacker protection, I recommend gmail from google. They also have excellent spam filters.

