  1. #1
    Email for new group DnvrFox's Avatar
    Join Date
    Aug 2001
    Location
    Send email to dnvrfox@aol.com for new group
    Posts
    20,887
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    OT - Tracing Spoof Email???

    Someone hijacked Nora's email address and sent a bunch of dirty email out en masse. Not to anyone in her address book - simply to a lot of email addresses. We know, because we got about 15 mailer-daemons (spam) back with the subject, and in some cases more info.

    So, they did not get into her computer. We have changed passwords. Our McAfee is up to date and current, and a scan shows no infections, etc.

    Apparently, they chose her email for some reason as the "from" address. I have communicated with AOL and they assure me there is nothing wrong with her account, and the "sent" folder shows only messages she has sent.

    Is there any way that one (or someone) can tell from the Mailer-Daemons and other returns who was the culprit who sent the emails??

    I suspect a neighbor down the street as a result of a recent unpleasantness.
    Almost gone from the 50+ forum. - Email me at dnvrfox@aol.com for another fun new group of 50+ folks

  2. #2
    Banned
    Join Date
    Jun 2009
    Posts
    4,793
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    That has happened with my e-mail, as well; I changed carriers, and discovered that they just moved on to my Facebook account.

    MAJOR change in access.............

  3. #3
    Sputnik - beep beep beep Wake's Avatar
    Join Date
    Oct 2008
    Location
    Louisville KY
    My Bikes
    '12 Jamis Coda Elite '09 Jamis Sputnik, '07 Jamis Eclipse, '13 Brompton M6R.
    Posts
    481
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's very difficult to trace. Basically, with the right program, you can insert any email address as the "From" person.

    One of the common ways that people get email addresses is to copy those stupid "You have to see this" emails that encourage you to send it to everybody you know. The forwarding list includes dozens of emails that are easy to gather.

    It's pretty harmless, unless one gets sent to her boss or something.

  4. #4
    Road Nazi Hunter Donegal's Avatar
    Join Date
    Jul 2007
    Location
    Slow! But Ahead of You.
    My Bikes
    Kuota Kredo, Litespeed Vortex, Aegis Victory, Burley Tandem, Cannondale Rush
    Posts
    409
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Spoof emails

    Quote Originally Posted by DnvrFox View Post
    Someone hijacked Nora's email address and sent a bunch of dirty email out en masse. Not to anyone in her address book - simply to a lot of email addresses. We know, because we got about 15 mailer-daemons (spam) back with the subject, and in some cases more info.

    So, they did not get into her computer. We have changed passwords. Our McAfee is up to date and current, and a scan shows no infections, etc.

    Apparently, they chose her email for some reason as the "from" address. I have communicated with AOL and they assure me there is nothing wrong with her account, and the "sent" folder shows only messages she has sent.

    Is there any way that one (or someone) can tell from the Mailer-Daemons and other returns who was the culprit who sent the emails??

    I suspect a neighbor down the street as a result of a recent unpleasantness.
    First thing I would do is get an email address that is only used for business. I made the mistake of using my main email to look at a friend's page on Facebook and the B.S. began. Most all of the free social sites contain lurkers that find it funny to get into other people's business. If you visit any of those sites, get a free email address and use it. You can throw it away when you are done.

    I visited My Space and Facebook one time each and have received thousands of B.S. email since. Live and Learn.

    Also, if your neighbor down the street knows your wife's email address, he can use it to create these emails. Before you go down the street and stomp your neighbor, see if your wife uses the free social sites.
    Rubber Side Down Racing Team
    My Other Home:http://DonGaleHomes.com

  5. #5
    Senior Member
    Join Date
    May 2008
    Posts
    2,406
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Denver, email addresses are very easy to get. Even from places that one would think were "safe". I recently was checking the Terms Of Service from several sites, including this one, and discovered that many in very circumspect language say that they are free to do whatever they please with your information, including your IP and email.

    In one case I got an email that was, in my opinion, pretty nasty from one of my own email addresses. What was I to do? I chose to respond to anyone who is offended and otherwise ignore it.

    BUT, in my case my passwords and other identifying information I use for public forums like this are not even vaguely related to any I use for any transaction that has any meaning. I'm starting to believe that not all people are as careful.

    Just part of the current age I guess.
    It is better to smell the flowers than taste the roots.

  6. #6
    Senior Member donheff's Avatar
    Join Date
    Jun 2007
    Location
    Capitol Hill, Washington, DC
    My Bikes
    Specialized Tricross Comp
    Posts
    1,244
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Donegal View Post
    First thing I would do is get an email address that is only used for business. I made the mistake of using my main email to look at a friend's page on Facebook and the B.S. began. Most all of the free social sites contain lurkers that find it funny to get into other people's business. If you visit any of those sites, get a free email address and use it. You can throw it away when you are done.

    I visited My Space and Facebook one time each and have received thousands of B.S. email since. Live and Learn.

    Also, if your neighbor down the street knows your wife's email address, he can use it to create these emails. Before you go down the street and stomp your neighbor, see if your wife uses the free social sites.
    I think you ran into some other problem. Either you did something else that exposed your address at about the same time you visited Facebook or you made your entire Facebook profile including your email address public which would be asking for spam. It isn't like lurkers can hang out in cyberspace and see your email address floating by when you visit Facebook.

    As to an address for "business": if you mean personal business, that makes sense, but if you mean commercial Internet "business" like purchases or little-used sites you need to sign up for, be careful. That can be where spammers harvest your address. That is where it can help to have a spare web-based email account that you use when (and if) you sign up for things on the Internet. I have an @excite.com address I have used for that purpose for years. That account gets tons of stuff that I am not interested in - probably 20-30 a day. I simply skim through the message subjects and delete 90% of them without a second glance. In my other accounts (personal business) the vast majority of email is stuff I expect.
    Last edited by donheff; 07-03-10 at 05:54 AM.
    Every man is, or hopes to be, an Idler. -- Samuel Johnson

  7. #7
    gone ride'n cyclinfool's Avatar
    Join Date
    Aug 2007
    Location
    Upstate NY
    My Bikes
    Simoncini, Gary Fisher, Specialized Tarmac
    Posts
    4,052
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    DF,

    Yes - just like with snail mail, you can put any return address into an email with the right email program and a cooperative email server. However, what most people don't know is that emails can carry a lot more information about the path they took to get to your inbox.

    With Microsoft Office Outlook and other email programs you can view the email header, and in that will be information about the originating email server that sent the message out. That won't tell you who sent it, but it will tell you from what provider it was sent. In that header is also a message ID - a unique serial number for that message. If the message was sent from a reputable provider, they may be able and willing to track down just where (and who) the message came from. At that point you could initiate legal action.

    "Of all the things I ever lost I miss my mind the most." Mark Twain
    If all you have is a hammer, every problem looks like a nail.

  8. #8
    Old fart JohnDThompson's Avatar
    Join Date
    Nov 2004
    Location
    Appleton WI
    My Bikes
    Several, mostly not name brands.
    Posts
    12,850
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)
    If you want to trace the true origin of an email you need to look at the message headers, specifically the "Received:" lines. Although the sender's address can be trivially forged, the "Received:" header lines are added by each machine on the internet that handles that piece of mail and thus are not under the control of the sender. IOW, they are quite difficult to forge.

    These header lines are normally suppressed by your mail client software, because most of the time you are more interested in the message content than how it was delivered to you. I use Mozilla's "Thunderbird" email program; to see the message headers you use CONTROL-U or from the main menu bar "View...Message Source." I suspect other email software e.g. Microsoft's Outlook or Outlook Express has a similar method.

    Once you have the message source, you look at the "Received:" lines at the top of the text. Here's one from a recent PayPal "phishing" attempt:

    Return-Path: <service@paypal.com>
    Received: from mailserver.eagleshoes.com.cn ([61.145.9.75])
        by atuin.os2.dhs.org (8.14.4/8.13.8) with ESMTP id o5P011HR010485
        for <john@os2.dhs.org>; Thu, 24 Jun 2010 19:01:07 -0500 (CDT)
        (envelope-from service@paypal.com)
    Received: from User ([211.241.199.209] RDNS failed) by mailserver.eagleshoes.com.cn with Microsoft SMTPSVC(6.0.3790.3959);
        Fri, 25 Jun 2010 07:37:32 +0800
    Reply-To: <no-reply>
    From: "PayPal"<service@paypal.com>
    Subject: PayPal - Please Update Your PayPal Account !
    Date: Fri, 25 Jun 2010 08:27:58 +0900

    The "Return-Path:" and "From:" lines are trivially forged by the sender; here they are set to imply that the message came from paypal.com. The "Received:" lines don't lie, and show the true origin. Each computer that handles the message adds its own "Received:" line above the previous one, so the last "Received:" line shows the ultimate origin of the message. Sometimes there can be quite a list of these.

    In this case, the last one shows that the message was sent from someone named "User" at IP address 211.241.199.209. A whois lookup of 211.241.199.209 shows:

    KRNIC is not an ISP but a National Internet Registry similar to APNIC.
    The following is organization information that is using the IPv4 address.

    IPv4 Address : 211.241.199.128-211.241.199.255
    Network Name : KRLINE-LLINE-IM
    Connect ISP Name : HINETWORKS
    Connect Date : 20030619
    Registration Date : 20030709
    Publishes : Y

    [ Organization Information ]
    Organization ID : ORG280300
    Org Name : IMNETPIA
    Address : Seocho4-dong, Seocho-gu, Seoul
    Detail Address : 1303-16Alliancheu Gangnamsaok 8Fl.
    Zip Code : 135-080

    [ Technical Contact Information ]
    Name : Kisun Kim
    Org Name : IMNETPIA
    Address : Seocho4-dong, Seocho-gu, Seoul
    Detail Address : 1303-16Alliancheu Gangnamsaok 8Fl.
    Zip Code : 135-080
    Phone : +82-2-599-5633
    E-Mail : kskim@imnetpia.com

    Obviously, this is *NOT* paypal.com; the IP address in question is registered to a Korean business, quite likely a small internet service provider who resells access through the block of dynamically assigned IP addresses listed. If you feel motivated, you could contact the technical person through the email address provided. If you do complain, be sure to send the entire message, including all the header lines so the system administrator has a chance to use their system logs to track down who was responsible for the message.

    The message was accepted by mailserver.eagleshoes.com.cn, which in turn relayed it to my mail server "atuin.os2.dhs.org" which tossed it to my spam filter which dumped it in my Junk folder. In any case, eagleshoes.com.cn should *NOT* be running an open email relay because spammers use them to distribute their messages freely. Running a "whois" query on mailserver.eagleshoes.com.cn's IP address (61.145.9.75) gives me (among other things) an "abuse" email address I can use to complain about their open relay and encourage them to tighten up their security to prevent this type of exploitation.

    HTH...
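
The header walk described in post #8, as an added example that is not part of the original post: it parses the quoted PayPal sample's "Received:" lines, orders the hops oldest first, and checks that each relay's "by" server is the "from" of the next hop. The names trace_hops, report and HOP are made up for this illustration, and the pattern is written only for the two "Received:" formats in this sample.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header block copied from the PayPal phishing sample quoted in post #8;
# folded "Received:" continuation lines are indented as they are on the wire.
RAW = """\
Return-Path: <service@paypal.com>
Received: from mailserver.eagleshoes.com.cn ([61.145.9.75])
    by atuin.os2.dhs.org (8.14.4/8.13.8) with ESMTP id o5P011HR010485
    for <john@os2.dhs.org>; Thu, 24 Jun 2010 19:01:07 -0500 (CDT)
    (envelope-from service@paypal.com)
Received: from User ([211.241.199.209] RDNS failed) by mailserver.eagleshoes.com.cn with Microsoft SMTPSVC(6.0.3790.3959);
    Fri, 25 Jun 2010 07:37:32 +0800
Reply-To: <no-reply>
From: "PayPal"<service@paypal.com>
Subject: PayPal - Please Update Your PayPal Account !
Date: Fri, 25 Jun 2010 08:27:58 +0900

(body omitted)
"""

# Matches "from <name> ([<ip>] ...) by <server>" in this sample's two formats.
HOP = re.compile(r"from\s+(\S+)\s+\(\[([0-9.]+)\][^)]*\)\s+by\s+(\S+)")

def trace_hops(raw):
    """Return relay hops oldest first, one dict per parseable Received: line."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append({"claimed": m.group(1), "ip": m.group(2), "by": m.group(3)})
    return hops[::-1]  # servers prepend their line, so reverse for oldest first

def report(raw):
    """Summarise the origin hop and check that the chain of hops links up."""
    hops = trace_hops(raw)
    if not hops:
        return None  # nothing parseable to trace
    from_domain = parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[2]
    # Each server named in "by" should be the "from" of the next hop. Lines
    # written by servers you do not run can be fabricated, so trust starts
    # at the hop recorded by your own mail server (the newest line).
    linked = all(a["by"] == b["claimed"] for a, b in zip(hops, hops[1:]))
    return {"origin_ip": hops[0]["ip"], "origin_name": hops[0]["claimed"],
            "from_domain": from_domain, "chain_linked": linked,
            "received_by": hops[-1]["by"]}

if __name__ == "__main__":
    print(report(RAW))
```

The origin_ip value is what goes into the whois lookup, and the full header block is what goes to the abuse contact.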

  9. #9
    Randomhead
    Join Date
    Aug 2008
    Location
    Happy Valley, Pennsylvania
    Posts
    12,653
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just to show how easy it is, check in your spam filter to see how many of the spams came from your own email address. I don't know if that helps get past some filters, or if it's just convenient for them.

  10. #10
    Senior Member BlazingPedals's Avatar
    Join Date
    Dec 2004
    Location
    Middle of da Mitten
    My Bikes
    Trek 7500, RANS V-Rex, Optima Baron, Velokraft NoCom, M-5 Carbon Highracer, homebuilt recumbent
    Posts
    7,229
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    It used to be common for viruses to turn the victim machine into a spambot, and insert addresses found on the victim machine into the 'from' field. If that's what is happening, it could be anyone who has your wife's email address saved. They probably don't even know it's happening.

  11. #11
    Email for new group DnvrFox's Avatar
    Join Date
    Aug 2001
    Location
    Send email to dnvrfox@aol.com for new group
    Posts
    20,887
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Thanks for all the feedback and suggestions. WOW!! Worse than obscene phone calls. I guess the nuts of the world will always find a way.
    Almost gone from the 50+ forum. - Email me at dnvrfox@aol.com for another fun new group of 50+ folks

  12. #12
    Senior Member BengeBoy's Avatar
    Join Date
    Jul 2007
    Location
    Seattle, Washington, USA
    My Bikes
    2009 Chris Boedeker custom, 1988 Tommasini Prestige, 2007 Bill Davidson custom; 1988 Specialized Stumpjumper
    Posts
    6,922
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I just had the same problem a couple of weeks ago. I had to go in and change email passwords on our home Internet account - that seemed to stop it.

  13. #13
    Senior Member
    Join Date
    Dec 2001
    Posts
    4,866
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It happened to me two years ago; ended up changing my email address. Big PITA.

  14. #14
    Senior Member Laserman's Avatar
    Join Date
    Sep 2009
    Location
    Metro Detroit
    My Bikes
    09 Giant Cypress DX, 89 Schwinn Cruiser Supreme
    Posts
    379
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is actually fairly common. All emails pass through a variety of relay servers before ending up where they belong. Email hackers use "sniffer" programs to watch traffic on common relays and harvest addresses. There is a thriving black market on the "shadow net" in email lists. Most buyers use them to send bulk spam but some have programs that try and crack the passwords on various accounts then use them either for general mischief or to transmit illegal materials.
    First, use a good password, or actually a passphrase, which includes upper and lower case letters and numbers. These are much more difficult to crack.
    A password that is one or two words found in a dictionary can usually be cracked in less than a minute by programs designed for the purpose.
    Second, get a web-based email account that has robust anti-hacker protection; I recommend Gmail from Google. They also have excellent spam filters.
    Set phasers to butt-whup!
