Solved

FROM: svetlena@peoplepc.com TO:svetlena@peoplepc.com

Posted on 2002-04-05
8
936 Views
Last Modified: 2006-11-17
I got an email with the following headers in my hotmail account. Note that the From and the To fields are the same and both diferent from my email address which is bdatchev@hotmail.com. How is it possible? Did the pearson send this email to me only or it was sent to his entire address list? Which one is the actual originating IP.


From :    "Svetlena Taneva" <svetlena@peoplepc.com>  
   
To :    "Svetlena Taneva" <svetlena@peoplepc.com>  
   
Subject :    just to let everyone know...  
   
Date :    Thu, 4 Apr 2002 17:10:08 -0500  
   
   MIME-Version: 1.0
Received: from [209.228.32.171] by hotmail.com (3.2) with ESMTP id MHotMailBE761A4B005840043156D1E420ABA2400; Thu, 04 Apr 2002 14:10:19 -0800
Received: (cpmta 10965 invoked from network); 4 Apr 2002 14:10:15 -0800
Received: from 67.241.226.52 (HELO svet) by smtp.peoplepc.com (209.228.32.171) with SMTP; 4 Apr 2002 14:10:15 -0800
From svetlena@peoplepc.com Thu, 04 Apr 2002 14:10:40 -0800
X-Sent: 4 Apr 2002 22:10:15 GMT
Message-ID: <000a01c1dc25$8330aaf0$34e2f143@svet>
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000  
0
Comment
Question by:blago
8 Comments
 
LVL 31

Expert Comment

by:rid
ID: 6923056

The "from" field is not authenticated and could be anything, including NULL. My guess is you are on a BCC list and the sender used the svetlena address, which may or may not be their own address, as destination.

Regards
/RID
0
 
LVL 4

Accepted Solution

by:
mhci earned 50 total points
ID: 6925904
Hi

The email seems to have originated from 67.241.226.52. Look at this line:
1.Received: from 67.241.226.52 (HELO svet) by smtp.peoplepc.com (209.228.32.171) with SMTP; 4 Apr 2002

14:10:15 -0800 (the time is recorded at -0800 hrs to GMT) and shows 14.10.15 (2:10:15 PM). This also shows that the IP 67.241.226.52 has sent the message to 209.228.32.171

Now if you look closely 209.228.32.171 is the smtp server for peoplepc.com. So the person using his own Internet Service Provider which gave the person 67.241.226.52 IP address connected to email facility at peoplepc.com (such as hotmail.com) and then send this message.


2.Received: from [209.228.32.171] by hotmail.com (3.2) with ESMTP id MHotMailBE761A4B005840043156D1E420ABA2400;
Thu, 04 Apr 2002 14:10:19 -0800

Similarly this IP 209.228.32.171 forwarded this email to hotmail.com. Again look at the time. IT is the time after 14:10:15

It seems quite clear that 67.241.226.52 is the originating IP of this email.

It is quite possible to send such kind of message. Suppose you send a message to many but write all the addresses under bcc and in the "TO" field write only your own email address, then you would get the above kind of condition. This is the general method used in order to protect the email addresses of the persons whom you are sending the bulk mail to.

Do let us know if you still need help




0
 
LVL 31

Expert Comment

by:rid
ID: 6926312
I can only agree totally with the above comment from mhci.
/RID
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6929166
(listening...)
My first guess was use bcc (as rid). I am less sure of
> The "from" field is not authenticated
- as this field is indeed being checked more frequently. Not that this one was or that it would do you any good.

My second guess, (not looking at clock) is that HotMail had some recent downtime and aberrations, possibly this is related.

I'll try to revisit this, to read more in depth, especially mhci comment
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 31

Expert Comment

by:rid
ID: 6930497
RE: the "from" field: I don't think this requires authentication in the standards for the protocols involved and empty field should be allowed. Depending on software involved, authentication, and rejection of NULL, can be implemented.

Regards
/RID
0
 
LVL 31

Expert Comment

by:rid
ID: 7001427
Hello there!
Have our comments been of assistance, or do you need additional help? Please finalize this Q in an appropriate manner.

Regards
/RID
0
 
LVL 1

Author Comment

by:blago
ID: 7167456
I'm sorry for the delay, but I was without access to internet for long. Your comment was very helpful and thorough.
0
 
LVL 1

Author Comment

by:blago
ID: 7167458
RID you deserve the points too so I'll post another question and you just have to reply.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
syncing outlook accross two or more devices? 2 72
POP3 mail from GMail includes website data in signature 4 27
Outlook:  SSMB 2 53
php mail headers 2 40
I didn’t use eM Client for long when I decided to swap to Outlook 2016. The reason for the switch is that it started asking for payment to continue some of its services after one month.   The problems I faced when I didn’t pay were:   I was not …
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now