nickg5
Can you read this e-mail header?
To protect the privacy of the parties, I'm editing the names and replacing them with John Doe and Jane Doe. The rest is not being edited.
A friend and I were discussing a matter and suddenly this Jane Doe sent an e-mail to my friend about what we were discussing and my friend never gave their e-mail to anyone for them to know the subject that we were talking about.
I see some numbers and an IP address there between all the garb so maybe you can figure it out.
From Jane Doe Thu May 9 16:06:46 2013
X-Apparently-To: johndoe@yahoo.de via 46.228.37.113; Thu, 09 May 2013 15:06:38 +0000
Return-Path: <Jane.Doe@rocketmail.com>
Received-SPF: none (domain of rocketmail.com does not designate permitted sender hosts)
X-Originating-IP: [98.138.90.94]
Authentication-Results: mta1183.mail.ir2.yahoo.com from=rocketmail.com; domainkeys=neutral (no sig); from=rocketmail.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO nm21-vm0.bullet.mail.ne1.yahoo.com) (98.138.90.94)
by mta1183.mail.ir2.yahoo.com with SMTP; Thu, 09 May 2013 15:06:38 +0000
Received: from [98.138.226.177] by nm21.bullet.mail.ne1.yahoo.com with NNFMP; 09 May 2013 15:06:37 -0000
Received: from [98.138.226.56] by tm12.bullet.mail.ne1.yahoo.com with NNFMP; 09 May 2013 15:06:36 -0000
Received: from [127.0.0.1] by smtp207.mail.ne1.yahoo.com with NNFMP; 09 May 2013 15:06:36 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rocketmail.com; s=s1024; t=1368111996; bh=J60cx+867857NPzisnUe3jBrCsgQCakNMcMNBDeuQDs=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:X-Rocket-Received:Date:Subject:Message-ID:From:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=MsLbjvn4zz6kNWqrHuatcNqPM1ekCmlZhmWhZ+uwuW0vBf0T/lcBAlEqn7fzYIGMtTEJcp99+m7TqFRr/xi+tF6hhUGWbvRunyMUl4/i6Y76iKTPSmapDM+MYuCgi6ACYbj+QsOE5Vrs80lda7Cx+PElcTTkZT3kEn34iSgl85o=
X-Yahoo-Newman-Id: 811538.7457.bm@smtp207.mail.ne1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-SMTP: oSxRVvSswBB_r4TQCRzVXmJyUVu36cnA.FBO2G1u4lpTh5tdhTXXH8Q7
by smtp207.mail.ne1.yahoo.com with SMTP; 09 May 2013 08:06:36 -0700 PDT
Date: Thu, 09 May 2013 11:06:46 -0400
Subject: But i would like to meet you
Message-ID: <73dwfakfudb2jrkdmxsmbva6.1368112006787@email.android.com>
From: Jane Doe <Jane.Doe@rocketmail.com>
To: johndoe@yahoo.de
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64
Content-Length: 54
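An added example, not part of the original thread: a short Python script that reads the routing and authentication fields of the header posted above, using only the standard library. The function names `received_hops` and `summarize` are this example's own, and the embedded sample is copied from the question with the opaque X-YMail* values left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Fields copied from the header in the question; the opaque X-YMail* values
# are left out and hostnames split by the forum's wrapping are rejoined.
RAW = """\
X-Originating-IP: [98.138.90.94]
Authentication-Results: mta1183.mail.ir2.yahoo.com from=rocketmail.com; domainkeys=neutral (no sig); from=rocketmail.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO nm21-vm0.bullet.mail.ne1.yahoo.com) (98.138.90.94)
  by mta1183.mail.ir2.yahoo.com with SMTP; Thu, 09 May 2013 15:06:38 +0000
Received: from [98.138.226.177] by nm21.bullet.mail.ne1.yahoo.com with NNFMP; 09 May 2013 15:06:37 -0000
Received: from [98.138.226.56] by tm12.bullet.mail.ne1.yahoo.com with NNFMP; 09 May 2013 15:06:36 -0000
Received: from [127.0.0.1] by smtp207.mail.ne1.yahoo.com with NNFMP; 09 May 2013 15:06:36 -0000
Message-ID: <73dwfakfudb2jrkdmxsmbva6.1368112006787@email.android.com>
From: Jane Doe <Jane.Doe@rocketmail.com>
To: johndoe@yahoo.de

"""

def received_hops(msg):
    """Return (from, by, protocol) per Received line, oldest hop first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        info = " ".join(value.split()).rpartition(";")[0]  # drop the timestamp
        m = re.search(r"from (\S+).*? by (\S+) with (\S+)", info)
        if m:
            hops.append(m.groups())
    return hops

def summarize(raw):
    msg = message_from_string(raw)
    hops = received_hops(msg)
    dkim = re.search(r"\bdkim=(\w+)", msg.get("Authentication-Results", ""))
    orig_ip = msg.get("X-Originating-IP", "").strip("[] ")
    newest = " ".join(msg.get_all("Received", [""])[0].split())
    return {
        "path": [by for _, by, _ in hops],
        "all_yahoo": all(by.endswith(".yahoo.com") for _, by, _ in hops),
        "dkim": dkim.group(1) if dkim else None,
        "from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2],
        "message_id_domain": msg.get("Message-ID", "").strip("<> ").rpartition("@")[2],
        # True when X-Originating-IP is the relay address in the newest hop
        "originating_ip_is_relay": bool(orig_ip) and f"({orig_ip})" in newest,
    }

if __name__ == "__main__":
    for key, value in summarize(RAW).items():
        print(f"{key}: {value}")
```

For this header every hop is a yahoo.com host, the receiving server recorded `dkim=pass` for rocketmail.com, and the X-Originating-IP value is the same address the newest Received line gives for the relay nm21-vm0.bullet.mail.ne1.yahoo.com, so it names a mail server rather than the sender's own connection.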
ASKER
What I mean is, a spammer's name should not be the name of the person we had been discussing.
Genealogy related is what we were talking about, a lost contact with relative.
I use Mail.com and people who do not know me from Adam send email to me from phony addresses or from myself sometimes (it looks like I sent it myself). I see my own address in the subject line.
So what you see is no surprise. It is just spam and I don't know why Yahoo did not categorize as spam. It is not the most secure email system.
I cannot tell you how the hacker got your email address, but I have seen this happen to me. All of this goes into the Mail.com spam bucket.
... Thinkpads_User
I wonder if your friend sent a mail to a Yahoo email address (likely) that itself was compromised, and the hacker used this.
It is all social engineering so you will open the email. Then your computer is compromised.
... Thinkpads_User
ASKER
It is all social engineering so you will open the email. Then your computer is compromised.
So, what do we do? Change passwords and that is all we can do?
You should (along with your friend) change your Yahoo! email passwords, but that won't stop the email from coming. You need to blacklist it if you can. That is what I try to do. The only way I know how to stop this (because it is email) is with spam filtering. The next line of defense is really good Anti Virus software.
... Thinkpads_User
Here is a link from ZDNet that talks to my above points about social engineering and specially crafted web pages. Someone your friend knows probably has been hit with this stuff.
http://www.zdnet.com/microsoft-fixes-two-critical-ie-security-flaws-including-nuke-zero-day-7000015369/?s_cid=e589&ttag=e589
... Thinkpads_User
@nickg5 - Thank you, and I was happy to help you with this.
... Thinkpads_User
ASKER
And the e-mail was sent from a Jane Doe.
Our messages between us two had "re: Jane Doe" in the subject line.
And then here comes a message from a Jane Doe.
My friend's address is the @ yahoo.de so that is not the hacker or the phony.
The @ rocketmail is the phony or the phisher. But phishers don't normally know what my friend and I were discussing, which was shown in our subject lines.
We were discussing their relative and "re: Jane Doe" was in the subject line of our e-mails.
Then here comes a message from Jane.Doe @ rocketmail claiming to be Jane Doe.