Solved

Understand Email header

Posted on 2014-07-31
1
497 Views
Last Modified: 2014-07-31
One of my email accounts apparently was hacked???    I had an account where I work that was tcox@xxxxxxx.com    I got married and got a new address of tgill@xxxxxxx.com      Our email is hosted by a third party.    It is "violation" to send more than 250 emails (that are alike") or they consider it spam and is not allowed.   We know all this.    I left tcox account active, with a forward to my new account until I could get all my contacts and business associates notified.
A couple weeks ago, I received notice from our vendor that the account was disabled because somehow, someone used the tcox account and tried to send 600+ emails.
The only thing they provided to me was this:  (and a list of recipients)

Received: by smtp18.relay.iad3a.emailsrvr.com (Authenticated sender: tcox-AT-exxxxxxx.com) with ESMTPSA id E11B3280403;
      Sat, 19 Jul 2014 17:25:27 -0400 (EDT)
X-Sender-Id: tcox@xxxxxx.com
Received: from 192.168.198.33 (95-178-182-243.dsl.optinet.hr [95.178.182.243])
      (using TLSv1.1 with cipher DHE-RSA-AES256-SHA)
      by 0.0.0.0:587 (trex/5.2.10);
      Sat, 19 Jul 2014 21:25:29 GMT
MIME-Version: 1.0
Date: Sat, 19 Jul 2014 11:25:25 -1000
Message-ID: <Wp63JsoUA0dLdSHxmQ6VSywL6kMus4b6xFhSVOLPsOyDP1qV03RMDosbaQ9@mail.gmail.com>
Subject: What time did you get to the party?
From: Tcox <tcox@xxxxxxx.com>
To: nolieslife@aol.com
Content-Type: multipart/alternative; boundary=29dc002358cf95bd629ca154efd5e8314d347ce43

Content-Type: text/plain; charset=UTF-8

I came about midnight, there were a lot of people there, but i could find you, I've been there for hour or so and than got to Marie's bad, did you have fun? http://bitly.com/1mrzqHM

Content-Type: text/html; charset=UTF-8

<p dir="ltr">I came about midnight, there were a lot of people there, but i could find you, I've been there for hour or so and than got to Marie's bad, did you have fun? <a href="http://bitly.com/1mrzqHM">http://bitly.com/1mrzqHM</a></p>


According to our vendor, there is no way to tell how this happened.     IS THERE ANY WAY TO TRACE THIS BACK?
0
Comment
Question by:bankwest
1 Comment
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40232780
The "Received:" line tells where it came from.  But that is an IP address connected to that ISP.  It is not possible to definitively identify a person from that info.  Plus that part of an email header can be faked.

The 'how' is that someone got your login for that account.  Spammers spend all day trying to break into email accounts by guessing passwords.  Sometimes they guess right.  When they do, they send a lot of email.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Use email signature images to promote corporate certifications and industry awards.
Resolve DNS query failed errors for Exchange
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now