Solved

Understand Email header

Posted on 2014-07-31
Last Modified: 2014-07-31
One of my email accounts apparently was hacked??? I had an account where I work that was tcox@xxxxxxx.com. I got married and got a new address of tgill@xxxxxxx.com. Our email is hosted by a third party. It is a "violation" to send more than 250 emails (that are "alike") or they consider it spam and it is not allowed. We know all this. I left the tcox account active, with a forward to my new account, until I could get all my contacts and business associates notified.
A couple of weeks ago, I received notice from our vendor that the account was disabled because somehow, someone used the tcox account and tried to send 600+ emails.
The only thing they provided to me was this (and a list of recipients):

Received: by smtp18.relay.iad3a.emailsrvr.com (Authenticated sender: tcox-AT-exxxxxxx.com) with ESMTPSA id E11B3280403;
      Sat, 19 Jul 2014 17:25:27 -0400 (EDT)
X-Sender-Id: tcox@xxxxxx.com
Received: from 192.168.198.33 (95-178-182-243.dsl.optinet.hr [95.178.182.243])
      (using TLSv1.1 with cipher DHE-RSA-AES256-SHA)
      by 0.0.0.0:587 (trex/5.2.10);
      Sat, 19 Jul 2014 21:25:29 GMT
MIME-Version: 1.0
Date: Sat, 19 Jul 2014 11:25:25 -1000
Message-ID: <Wp63JsoUA0dLdSHxmQ6VSywL6kMus4b6xFhSVOLPsOyDP1qV03RMDosbaQ9@mail.gmail.com>
Subject: What time did you get to the party?
From: Tcox <tcox@xxxxxxx.com>
To: nolieslife@aol.com
Content-Type: multipart/alternative; boundary=29dc002358cf95bd629ca154efd5e8314d347ce43

Content-Type: text/plain; charset=UTF-8

I came about midnight, there were a lot of people there, but i could find you, I've been there for hour or so and than got to Marie's bad, did you have fun? http://bitly.com/1mrzqHM

Content-Type: text/html; charset=UTF-8

<p dir="ltr">I came about midnight, there were a lot of people there, but i could find you, I've been there for hour or so and than got to Marie's bad, did you have fun? <a href="http://bitly.com/1mrzqHM">http://bitly.com/1mrzqHM</a></p>


According to our vendor, there is no way to tell how this happened. IS THERE ANY WAY TO TRACE THIS BACK?
Question by:bankwest
Accepted Solution

by: Dave Baldwin
The "Received:" line tells where it came from.  But that is an IP address connected to that ISP.  It is not possible to definitively identify a person from that info.  Plus that part of an email header can be faked.

The 'how' is that someone got your login for that account.  Spammers spend all day trying to break into email accounts by guessing passwords.  Sometimes they guess right.  When they do, they send a lot of email.
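
The fields discussed above can be pulled out of the header block from the question with Python's standard `email` module. This is an added example, not part of the original thread; the names `summarize` and `is_private` and the result keys are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Header lines copied from the question (redactions as posted).
RAW = """\
Received: by smtp18.relay.iad3a.emailsrvr.com (Authenticated sender: tcox-AT-exxxxxxx.com) with ESMTPSA id E11B3280403;
      Sat, 19 Jul 2014 17:25:27 -0400 (EDT)
Received: from 192.168.198.33 (95-178-182-243.dsl.optinet.hr [95.178.182.243])
      (using TLSv1.1 with cipher DHE-RSA-AES256-SHA)
      by 0.0.0.0:587 (trex/5.2.10);
      Sat, 19 Jul 2014 21:25:29 GMT
Date: Sat, 19 Jul 2014 11:25:25 -1000
Message-ID: <Wp63JsoUA0dLdSHxmQ6VSywL6kMus4b6xFhSVOLPsOyDP1qV03RMDosbaQ9@mail.gmail.com>
From: Tcox <tcox@xxxxxxx.com>
"""

def is_private(host):
    # The name a client gives for itself may be a private address literal.
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # an ordinary hostname, not an address literal
        return False

def summarize(raw):
    msg = message_from_string(raw)
    hops = [" ".join(h.split()) for h in msg.get_all("Received")]  # unfold
    # Each server prepends its own line, so the last one is the earliest hop.
    helo, rdns, ip = re.match(r"from (\S+) \((\S+) \[([^\]]+)\]\)", hops[-1]).groups()
    auth = re.search(r"Authenticated sender: ([^)]+)\)", hops[0])
    stamps = [parsedate_to_datetime(h.rsplit(";", 1)[1]) for h in hops]
    date = parsedate_to_datetime(msg["Date"])
    spread = max(stamps + [date]) - min(stamps + [date])
    return {
        "authenticated_as": auth.group(1) if auth else None,
        "connecting_ip": ip,
        "reverse_dns": rdns,
        "helo_is_private": is_private(helo),
        "tls": re.search(r"using (\S+) with cipher (\S+)\)", hops[-1]).groups(),
        "date_utc_offset_h": date.utcoffset().total_seconds() / 3600,
        "clock_spread_s": spread.total_seconds(),
        "message_id_domain": msg["Message-ID"].strip("<>").rsplit("@", 1)[1],
        "from_domain": parseaddr(msg["From"])[1].rsplit("@", 1)[1],
    }

if __name__ == "__main__":
    for key, value in summarize(RAW).items():
        print(f"{key:20} {value}")
```

The three timestamps agree to within a few seconds once converted to UTC, and the Message-ID names a different domain than the From address. The connecting IP and the authenticated account are the two values to ask the hosting vendor to match against its own submission logs.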