Solved

FROM: svetlena@peoplepc.com TO:svetlena@peoplepc.com

Posted on 2002-04-05
8
943 Views
Last Modified: 2006-11-17
I got an email with the following headers in my hotmail account. Note that the From and the To fields are the same and both diferent from my email address which is bdatchev@hotmail.com. How is it possible? Did the pearson send this email to me only or it was sent to his entire address list? Which one is the actual originating IP.


From :    "Svetlena Taneva" <svetlena@peoplepc.com>  
   
To :    "Svetlena Taneva" <svetlena@peoplepc.com>  
   
Subject :    just to let everyone know...  
   
Date :    Thu, 4 Apr 2002 17:10:08 -0500  
   
   MIME-Version: 1.0
Received: from [209.228.32.171] by hotmail.com (3.2) with ESMTP id MHotMailBE761A4B005840043156D1E420ABA2400; Thu, 04 Apr 2002 14:10:19 -0800
Received: (cpmta 10965 invoked from network); 4 Apr 2002 14:10:15 -0800
Received: from 67.241.226.52 (HELO svet) by smtp.peoplepc.com (209.228.32.171) with SMTP; 4 Apr 2002 14:10:15 -0800
From svetlena@peoplepc.com Thu, 04 Apr 2002 14:10:40 -0800
X-Sent: 4 Apr 2002 22:10:15 GMT
Message-ID: <000a01c1dc25$8330aaf0$34e2f143@svet>
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000  
0
Comment
Question by:blago
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 31

Expert Comment

by:rid
ID: 6923056

The "from" field is not authenticated and could be anything, including NULL. My guess is you are on a BCC list and the sender used the svetlena address, which may or may not be their own address, as destination.

Regards
/RID
0
 
LVL 4

Accepted Solution

by:
mhci earned 50 total points
ID: 6925904
Hi

The email seems to have originated from 67.241.226.52. Look at this line:
1.Received: from 67.241.226.52 (HELO svet) by smtp.peoplepc.com (209.228.32.171) with SMTP; 4 Apr 2002

14:10:15 -0800 (the time is recorded at -0800 hrs to GMT) and shows 14.10.15 (2:10:15 PM). This also shows that the IP 67.241.226.52 has sent the message to 209.228.32.171

Now if you look closely 209.228.32.171 is the smtp server for peoplepc.com. So the person using his own Internet Service Provider which gave the person 67.241.226.52 IP address connected to email facility at peoplepc.com (such as hotmail.com) and then send this message.


2.Received: from [209.228.32.171] by hotmail.com (3.2) with ESMTP id MHotMailBE761A4B005840043156D1E420ABA2400;
Thu, 04 Apr 2002 14:10:19 -0800

Similarly this IP 209.228.32.171 forwarded this email to hotmail.com. Again look at the time. IT is the time after 14:10:15

It seems quite clear that 67.241.226.52 is the originating IP of this email.

It is quite possible to send such kind of message. Suppose you send a message to many but write all the addresses under bcc and in the "TO" field write only your own email address, then you would get the above kind of condition. This is the general method used in order to protect the email addresses of the persons whom you are sending the bulk mail to.

Do let us know if you still need help




0
 
LVL 31

Expert Comment

by:rid
ID: 6926312
I can only agree totally with the above comment from mhci.
/RID
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 24

Expert Comment

by:SunBow
ID: 6929166
(listening...)
My first guess was use bcc (as rid). I am less sure of
> The "from" field is not authenticated
- as this field is indeed being checked more frequently. Not that this one was or that it would do you any good.

My second guess, (not looking at clock) is that HotMail had some recent downtime and aberrations, possibly this is related.

I'll try to revisit this, to read more in depth, especially mhci comment
0
 
LVL 31

Expert Comment

by:rid
ID: 6930497
RE: the "from" field: I don't think this requires authentication in the standards for the protocols involved and empty field should be allowed. Depending on software involved, authentication, and rejection of NULL, can be implemented.

Regards
/RID
0
 
LVL 31

Expert Comment

by:rid
ID: 7001427
Hello there!
Have our comments been of assistance, or do you need additional help? Please finalize this Q in an appropriate manner.

Regards
/RID
0
 
LVL 1

Author Comment

by:blago
ID: 7167456
I'm sorry for the delay, but I was without access to internet for long. Your comment was very helpful and thorough.
0
 
LVL 1

Author Comment

by:blago
ID: 7167458
RID you deserve the points too so I'll post another question and you just have to reply.
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Create high volume marketing opportunities using email signatures with these top 10 DOs and DON'Ts of email signature marketing.
Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question