FROM: svetlena@peoplepc.com TO:svetlena@peoplepc.com

Posted on 2002-04-05
Last Modified: 2006-11-17
I got an email with the following headers in my hotmail account. Note that the From and the To fields are the same and both different from my email address, which is bdatchev@hotmail.com. How is it possible? Did the person send this email to me only, or was it sent to his entire address list? Which one is the actual originating IP?


From :    "Svetlena Taneva" <svetlena@peoplepc.com>  
   
To :    "Svetlena Taneva" <svetlena@peoplepc.com>  
   
Subject :    just to let everyone know...  
   
Date :    Thu, 4 Apr 2002 17:10:08 -0500  
   
   MIME-Version: 1.0
Received: from [209.228.32.171] by hotmail.com (3.2) with ESMTP id MHotMailBE761A4B005840043156D1E420ABA2400; Thu, 04 Apr 2002 14:10:19 -0800
Received: (cpmta 10965 invoked from network); 4 Apr 2002 14:10:15 -0800
Received: from 67.241.226.52 (HELO svet) by smtp.peoplepc.com (209.228.32.171) with SMTP; 4 Apr 2002 14:10:15 -0800
From svetlena@peoplepc.com Thu, 04 Apr 2002 14:10:40 -0800
X-Sent: 4 Apr 2002 22:10:15 GMT
Message-ID: <000a01c1dc25$8330aaf0$34e2f143@svet>
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000  
Question by:blago
8 Comments
 
LVL 31

Expert Comment

by:rid
ID: 6923056

The "from" field is not authenticated and could be anything, including NULL. My guess is you are on a BCC list and the sender used the svetlena address, which may or may not be their own address, as destination.

Regards
/RID
0
 
LVL 4

Accepted Solution

by:
mhci earned 50 total points
ID: 6925904
Hi

The email seems to have originated from 67.241.226.52. Look at this line:
1. Received: from 67.241.226.52 (HELO svet) by smtp.peoplepc.com (209.228.32.171) with SMTP; 4 Apr 2002 14:10:15 -0800

The time is recorded at -0800 hrs to GMT and shows 14.10.15 (2:10:15 PM). This also shows that the IP 67.241.226.52 has sent the message to 209.228.32.171.

Now if you look closely, 209.228.32.171 is the SMTP server for peoplepc.com. So the person, using his own Internet Service Provider, which gave the person the IP address 67.241.226.52, connected to the email facility at peoplepc.com (such as hotmail.com) and then sent this message.


2. Received: from [209.228.32.171] by hotmail.com (3.2) with ESMTP id MHotMailBE761A4B005840043156D1E420ABA2400; Thu, 04 Apr 2002 14:10:19 -0800

Similarly this IP 209.228.32.171 forwarded this email to hotmail.com. Again look at the time. It is the time after 14:10:15.

It seems quite clear that 67.241.226.52 is the originating IP of this email.

It is quite possible to send this kind of message. Suppose you send a message to many but write all the addresses under BCC and in the "TO" field write only your own email address, then you would get the above kind of condition. This is the general method used in order to protect the email addresses of the persons to whom you are sending the bulk mail.

Do let us know if you still need help




0
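The hop-by-hop reading in the accepted answer, as an added example that is not part of the original thread: it parses the three Received lines from the question, orders them oldest-first, and separates the peer address stamped by the recipient's own provider from the older hop that is only reported by an upstream server. The names `parse_hops`, `trace` and `trusted_suffix` are assumptions made for this sketch.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received lines copied from the question, newest first as they appear in the message.
RAW = """\
Received: from [209.228.32.171] by hotmail.com (3.2) with ESMTP id MHotMailBE761A4B005840043156D1E420ABA2400; Thu, 04 Apr 2002 14:10:19 -0800
Received: (cpmta 10965 invoked from network); 4 Apr 2002 14:10:15 -0800
Received: from 67.241.226.52 (HELO svet) by smtp.peoplepc.com (209.228.32.171) with SMTP; 4 Apr 2002 14:10:15 -0800
From: "Svetlena Taneva" <svetlena@peoplepc.com>
To: "Svetlena Taneva" <svetlena@peoplepc.com>

"""

IP = r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?"

def parse_hops(raw):
    """Return Received hops oldest-first as dicts: src IP, receiving host, time."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        info, _, stamp = value.rpartition(";")
        src = re.search(r"\bfrom\s+" + IP, info)  # absent on local hand-off lines
        by = re.search(r"\bby\s+(\S+)", info)
        hops.append({"src": src.group(1) if src else None,
                     "by": by.group(1) if by else None,
                     "time": parsedate_to_datetime(stamp.strip())})
    return hops[::-1]  # each server prepends its line, so reverse for time order

def trace(raw, trusted_suffix):
    """Report the candidate origin, the verified peer, and timestamp ordering."""
    hops = parse_hops(raw)
    ordered = all(a["time"] <= b["time"] for a, b in zip(hops, hops[1:]))
    # Only the hop stamped by the recipient's own provider is outside the
    # sender's control; anything older is a claim made by an upstream host.
    verified = [h for h in hops if h["by"] and h["by"].endswith(trusted_suffix)]
    candidate = next((h["src"] for h in hops if h["src"]), None)
    return {"origin_candidate": candidate,
            "verified_peer": verified[-1]["src"] if verified else None,
            "timestamps_ordered": ordered}

if __name__ == "__main__":
    print(trace(RAW, "hotmail.com"))
```

For this message the verified peer is the peoplepc.com relay and the candidate origin is the address that relay recorded, so the origin is as reliable as that relay's logging.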
 
LVL 31

Expert Comment

by:rid
ID: 6926312
I can only agree totally with the above comment from mhci.
/RID
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6929166
(listening...)
My first guess was use bcc (as rid). I am less sure of
> The "from" field is not authenticated
- as this field is indeed being checked more frequently. Not that this one was or that it would do you any good.

My second guess, (not looking at clock) is that HotMail had some recent downtime and aberrations, possibly this is related.

I'll try to revisit this, to read more in depth, especially mhci's comment.
0
 
LVL 31

Expert Comment

by:rid
ID: 6930497
RE: the "from" field: I don't think this requires authentication in the standards for the protocols involved, and an empty field should be allowed. Depending on the software involved, authentication, and rejection of NULL, can be implemented.

Regards
/RID
0
 
LVL 31

Expert Comment

by:rid
ID: 7001427
Hello there!
Have our comments been of assistance, or do you need additional help? Please finalize this Q in an appropriate manner.

Regards
/RID
0
 
LVL 1

Author Comment

by:blago
ID: 7167456
I'm sorry for the delay, but I was without access to internet for long. Your comment was very helpful and thorough.
0
 
LVL 1

Author Comment

by:blago
ID: 7167458
RID you deserve the points too so I'll post another question and you just have to reply.
0
