Phishing actually from apparent sender's domain

Posted on 2011-10-12
Last Modified: 2012-05-12
Hi, Experts.  I've been seeing something new in the world of phishing emails (at least, to me).  The email comes from "" -- and the routing headers bear out that this email actually came from ""  I am used to seeing a spoofed address and routing from obscure servers that bear no relation to that domain.

Is this a new kind of spoof?  Are they actually spoofing routing? Or am I seeing the work of a botnet of some kind? Should I be alerting the sending domains?
Question by:JLNewmark
    LVL 3

    Accepted Solution

    Just like you I have never encountered spoofed routing.  If x-originating-ip in message headers matches the IP of, then it is really hacked and it'd be good to notify domain administration of that. Full message headers would allow to check this in more detail.

    Author Comment

    Right, that's what I was looking at.  And they are coming from the domain of the apparent sender's address.  It's a new twist for me.  Botnet, maybe?
    LVL 27

    Expert Comment

    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now