Spam I received via za alias, apparently also sent by me...

The from-field says: ce cis <cecisss131@msn.com>
And sent-by contains: sjef_bosman@experts-exchange.com

Two questions:
- Can EE's router still be used by external clients as a mail relay??
- I'm pretty sure it's just a spoofed mail, but to be really sure: is my EE account "hacked"?

The IP-address 40.92.14.28 (see below) is close to Wichita (Kansas), according to traceIp.net

Some of the mail's header:

Received: from NAM05-DM3-obe.outbound.protection.outlook.com (mail-oln040092014028.outbound.protection.outlook.com. [40.92.14.28])
        by mx.google.com with ESMTPS id f126-v6si5868768pgc.625.2018.06.28.06.56.55
        for <redacted>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Thu, 28 Jun 2018 06:56:55 -0700 (PDT)
Received: from DM3NAM05FT057.eop-nam05.prod.protection.outlook.com
 (10.152.98.56) by DM3NAM05HT068.eop-nam05.prod.protection.outlook.com
 (10.152.98.255) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.906.10; Thu, 28
 Jun 2018 13:56:54 +0000
Received: from CY1PR08MB1722.namprd08.prod.outlook.com (10.152.98.51) by
 DM3NAM05FT057.mail.protection.outlook.com (10.152.98.116) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.20.930.2 via Frontend Transport; Thu, 28 Jun 2018 13:56:53 +0000
Received: from CY1PR08MB1722.namprd08.prod.outlook.com
 ([fe80::61d5:226f:53dc:db4f]) by CY1PR08MB1722.namprd08.prod.outlook.com
 ([fe80::61d5:226f:53dc:db4f%3]) with mapi id 15.20.0906.023; Thu, 28 Jun 2018
 13:56:53 +0000
From: ce cis <cecisss131@msn.com>
Subject: Cordialement.
Thread-Topic: Cordialement.
Thread-Index: AQHUDufcqFE2KKOiX0SSc1FxoF0nTw==
Date: Thu, 28 Jun 2018 13:56:53 +0000
Message-ID: <CY1PR08MB17228DB4A8E2289E790F3A17894F0@CY1PR08MB1722.namprd08.prod.outlook.com>
Accept-Language: fr-FR, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-incomingtopheadermarker: OriginalChecksum:1EEB03471A1EC58868198607B7D91B99BD25DE53CDB3429D67C33B3C42C7C371;UpperCasedChecksum:1707BB5E1A48D9A67E1D88DFD3945EE899252A368A3BE71EFBEF025674C25962;SizeAsReceived:10472;Count:42
x-tmn: [ESNxT5PiXUSKXvWxgbPI3xJo2j8Phcpi]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;DM3NAM05HT068;7:of9laf0duzQpl9g1LCcPkxOrRiKnV7I2Xnq5Kx1EdEbhtzoUdv3xQra2BpcfAD4NiZQMoJjsOLjOPYB2RX8exgyW7J0cbxp4rHJBJdOXSaQDDrnaXFhdXLR3utGDAoOg+/8KYxemokWP0F/MvoeeZ6shryya8ex9/IjU1Ik5cU6ylx32HLzZVCUodWlJ1Q8NQE4GV9xF8bPaWsp8ReUlnTSohuYYm6YHIOoQLaffoU/hESdahiWesz9+WA+v1/+z
x-incomingheadercount: 42
x-eopattributedmessage: 0
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(201702181274)(2017031322404)(1603101448)(1601125500)(1701031045);SRVR:DM3NAM05HT068;
x-ms-traffictypediagnostic: DM3NAM05HT068:
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(444000031);SRVR:DM3NAM05HT068;BCL:0;PCL:0;RULEID:;SRVR:DM3NAM05HT068;
x-forefront-prvs: 0717E25089
x-forefront-antispam-report: SFV:NSPM;SFS:(7070007)(1496009)(199004)(189003)(6606003)(3480700004)(97736004)(20460500001)(99286004)(6346003)(558084003)(19627405001)(86152003)(39060400002)(109986005)(104016004)(26005)(105586002)(102836004)(9686003)(256004)(106356001)(6506007)(54896002)(8676002)(8936002)(81156014)(7696005)(33656002)(7406005)(476003)(486006)(1671002)(55016002)(25786009)(86362001)(7116003)(7416002)(6436002)(7336002)(881003)(5250100002)(82202002)(53336002)(7366002)(68736007)(2900100001)(14454004)(74316002)(5660300001)(16372002);DIR:OUT;SFP:1901;SCL:1;SRVR:DM3NAM05HT068;H:CY1PR08MB1722.namprd08.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:;
received-spf: None (protection.outlook.com: msn.com does not designate
 permitted sender hosts)
x-microsoft-antispam-message-info: BnZRP6p/REd3wrtz/IUzpOvZYaMb34/+iCR/WI2vhxzpFp02JAZb9DOJRGhvpOvqnWkwRZDDG4DZQpl9ekgzboD7mS4icXG8X1vFt4xqJQMijk7tlhawmvs8jJtPbBDDdrOxYL6k/OwUJZEMoMlra4EkaxiYFDtcpb6rwdMm9XAVpOHmjp1gktNZcjx9jkW5UMwRzp4qfE2OW9e6sEm6yWeDGhAG7h4JkzALETYeqK4=
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3afc1180-e9b3-4e15-23c0-08d5dcff010b
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 24fd1209-d934-423e-a578-ee886993c07f
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jun 2018 13:56:53.3821
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM3NAM05HT068
X-Original-Sender: cecisss131@msn.com
X-Original-Authentication-Results: mx.google.com;       dkim=pass
 header.i=@msn.com header.s=selector1 header.b=H3Wy2Ou9;       spf=pass
 (google.com: domain of cecisss131@msn.com designates 40.92.14.28 as permitted
 sender) smtp.mailfrom=cecisss131@msn.com;       dmarc=pass (p=NONE
 sp=QUARANTINE dis=NONE) header.from=msn.com
Precedence: list
Mailing-list: list sjef_bosman@experts-exchange.com; contact sjef_bosman+owners@experts-exchange.com
List-ID: <sjef_bosman.experts-exchange.com>
X-Spam-Checked-In-Group: <redacted>
X-Google-Group-Id: 648554658343
List-Post: <https://groups.google.com/a/experts-exchange.com/group/sjef_bosman/post>,
 <mailto:sjef_bosman@experts-exchange.com>
List-Help: <https://support.google.com/a/experts-exchange.com/bin/topic.py?topic=25838>,
 <mailto:sjef_bosman+help@experts-exchange.com>
List-Archive: <https://groups.google.com/a/experts-exchange.com/group/sjef_bosman/>
List-Unsubscribe: <mailto:googlegroups-manage+648554658343+unsubscribe@googlegroups.com>,
 <https://groups.google.com/a/experts-exchange.com/group/sjef_bosman/subscribe>
Rank: Master

Expert Comment

Craig Kehler 2018-06-29 08:01 AM ID: 2208069
So, several ee people got that.  Did someone harvest ee email accounts?  Was ee hacked?

Everyone who got it is on a single distribution list for Topic Advisors. It's one piece of spam that got through Google's spam filter.

As far as I know, our emails aren't available to other users.
No they aren't. This didn't come from the site at all, it came from a Google group set up for sending emails to all Topic Advisors. Simply some spammer got the address.
0
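The headers in the question already show what the reply above describes: the `msn.com` sender passed DKIM, SPF and DMARC at Google, and the recipient's own address appears only in the `Mailing-list`/`List-ID` headers added by the group. The following Python is an added example, not part of the thread, that reads those headers and reports this; the names `triage` and `unfold` and the verdict strings are made up for illustration, and it assumes the authentication-results header was written by a receiving server you trust.

```python
import email
import re
from email.utils import parseaddr

# Excerpt of the headers quoted in the question; values copied from the page.
SAMPLE = """\
From: ce cis <cecisss131@msn.com>
X-Original-Sender: cecisss131@msn.com
X-Original-Authentication-Results: mx.google.com;       dkim=pass
 header.i=@msn.com header.s=selector1 header.b=H3Wy2Ou9;       spf=pass
 (google.com: domain of cecisss131@msn.com designates 40.92.14.28 as permitted
 sender) smtp.mailfrom=cecisss131@msn.com;       dmarc=pass (p=NONE
 sp=QUARANTINE dis=NONE) header.from=msn.com
Precedence: list
Mailing-list: list sjef_bosman@experts-exchange.com; contact sjef_bosman+owners@experts-exchange.com
List-ID: <sjef_bosman.experts-exchange.com>

"""

def unfold(value):
    """Collapse folded header continuation lines into one line."""
    return " ".join((value or "").split())

def triage(raw_headers):
    """Summarise who authenticated as the sender and whether a list re-sent it."""
    msg = email.message_from_string(raw_headers)
    auth = unfold(msg["X-Original-Authentication-Results"]
                  or msg["Authentication-Results"])
    results = dict(re.findall(r"\b(dkim|spf|dmarc)=(\w+)", auth))
    from_domain = parseaddr(msg["From"] or "")[1].lower().rpartition("@")[2]
    checked = re.search(r"header\.from=([\w.-]+)", auth)
    # DMARC pass for the same domain as the visible From: means From: is genuine.
    authentic = (results.get("dmarc") == "pass" and checked is not None
                 and checked.group(1).lower() == from_domain)
    m = re.match(r"list\s+(\S+?);", unfold(msg["Mailing-list"]))
    list_addr = m.group(1) if m else None
    via_list = bool(list_addr or msg["List-ID"])
    if authentic and via_list:
        verdict = "authenticated external sender, redistributed by a mailing list"
    elif authentic:
        verdict = "authenticated sender, delivered directly"
    else:
        verdict = "From: not authenticated, sender identity unverified"
    return {"from": from_domain, "auth": results, "list": list_addr,
            "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
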
Rank: Ace

Author Comment

Sjef Bosman 2018-06-30 04:43 AM ID: 2208235
Drat. Thanks!  ;-)
0
Rank: Prodigy

Expert Comment

Martin Liss 2018-07-03 06:02 AM ID: 2208922
Another one today.
[Image: 2018-07-03_06-00-27.jpg]
That translates as:

Best regards

I am Mr. Peter Atoi an associate of Banco Banesto Madrid Spain. I have a confidential business proposal that I would like to do with you. I have decided to contact you. Can you be trusted? For more information, see Attaching the Application for a Business Application and returning it to me via my private e-mail. peteratoi25@gmail.com

Your
Mr. Peter Atoi.
0
Rank: Ace

Author Comment

Sjef Bosman 2018-07-03 06:31 AM ID: 2208931
Correct, I received exactly the same mail. All the more reason to get rid of the community-za group I'd say.
0
Rank: Genius

Expert Comment

serialband 2018-07-04 08:19 AM ID: 2209309
Remove the group and create a new one with a slightly different name.
0
Rank: Ace

Author Comment

Sjef Bosman 2018-07-09 02:51 AM ID: 2210570
Good idea! But, er, it is not my group...
0