Solved

Understand Email header

Posted on 2014-07-31
Last Modified: 2014-07-31
One of my email accounts apparently was hacked??? I had an account where I work that was tcox@xxxxxxx.com. I got married and got a new address of tgill@xxxxxxx.com. Our email is hosted by a third party. It is a "violation" to send more than 250 emails (that are "alike") or they consider it spam and it is not allowed. We know all this. I left the tcox account active, with a forward to my new account, until I could get all my contacts and business associates notified.
A couple of weeks ago, I received notice from our vendor that the account was disabled because somehow, someone used the tcox account and tried to send 600+ emails.
The only thing they provided to me was this (and a list of recipients):

Received: by smtp18.relay.iad3a.emailsrvr.com (Authenticated sender: tcox-AT-exxxxxxx.com) with ESMTPSA id E11B3280403;
      Sat, 19 Jul 2014 17:25:27 -0400 (EDT)
X-Sender-Id: tcox@xxxxxx.com
Received: from 192.168.198.33 (95-178-182-243.dsl.optinet.hr [95.178.182.243])
      (using TLSv1.1 with cipher DHE-RSA-AES256-SHA)
      by 0.0.0.0:587 (trex/5.2.10);
      Sat, 19 Jul 2014 21:25:29 GMT
MIME-Version: 1.0
Date: Sat, 19 Jul 2014 11:25:25 -1000
Message-ID: <Wp63JsoUA0dLdSHxmQ6VSywL6kMus4b6xFhSVOLPsOyDP1qV03RMDosbaQ9@mail.gmail.com>
Subject: What time did you get to the party?
From: Tcox <tcox@xxxxxxx.com>
To: nolieslife@aol.com
Content-Type: multipart/alternative; boundary=29dc002358cf95bd629ca154efd5e8314d347ce43

Content-Type: text/plain; charset=UTF-8

I came about midnight, there were a lot of people there, but i could find you, I've been there for hour or so and than got to Marie's bad, did you have fun? http://bitly.com/1mrzqHM

Content-Type: text/html; charset=UTF-8

<p dir="ltr">I came about midnight, there were a lot of people there, but i could find you, I've been there for hour or so and than got to Marie's bad, did you have fun? <a href="http://bitly.com/1mrzqHM">http://bitly.com/1mrzqHM</a></p>


According to our vendor, there is no way to tell how this happened. IS THERE ANY WAY TO TRACE THIS BACK?
Question by:bankwest
1 Comment
 
Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40232780
The "Received:" line tells where it came from.  But that is an IP address connected to that ISP.  It is not possible to definitively identify a person from that info.  Plus that part of an email header can be faked.

The 'how' is that someone got your login for that account.  Spammers spend all day trying to break into email accounts by guessing passwords.  Sometimes they guess right.  When they do, they send a lot of email.
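Added example (not part of the original thread and not the mail vendor's tooling): a Python parser that pulls the authenticated account, the announced HELO name, the connecting IP with its reverse DNS name, and UTC timestamps out of the headers posted in the question. It assumes the submission hop uses the common `from <HELO> (<reverse DNS> [<peer IP>])` layout; the function names are hypothetical.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address

# Headers as posted in the question (redactions kept exactly as posted).
RAW = """\
Received: by smtp18.relay.iad3a.emailsrvr.com (Authenticated sender: tcox-AT-exxxxxxx.com) with ESMTPSA id E11B3280403;
      Sat, 19 Jul 2014 17:25:27 -0400 (EDT)
X-Sender-Id: tcox@xxxxxx.com
Received: from 192.168.198.33 (95-178-182-243.dsl.optinet.hr [95.178.182.243])
      (using TLSv1.1 with cipher DHE-RSA-AES256-SHA)
      by 0.0.0.0:587 (trex/5.2.10);
      Sat, 19 Jul 2014 21:25:29 GMT
Date: Sat, 19 Jul 2014 11:25:25 -1000
"""

# Assumed layout: from <HELO> (<reverse DNS> [<peer IP>])
FROM_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")
AUTH_RE = re.compile(r"Authenticated sender:\s*([^)\s]+)")

def to_utc(stamp):
    dt = parsedate_to_datetime(stamp.strip())
    return (dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)).astimezone(timezone.utc)

def is_private(name):
    try:
        return ip_address(name).is_private
    except ValueError:  # HELO was a hostname, not an address literal
        return False

def parse_hops(raw):
    # Received headers are prepended by each server, so the list is newest-first.
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        info, _, stamp = value.rpartition(";")  # timestamp follows the last ';'
        hop = {"utc": to_utc(stamp), "auth_sender": None, "helo": None,
               "rdns": None, "peer_ip": None, "helo_is_private": False}
        if (m := AUTH_RE.search(info)):
            hop["auth_sender"] = m.group(1)
        if (m := FROM_RE.search(info)):
            hop["helo"], hop["rdns"], hop["peer_ip"] = m.groups()
            hop["helo_is_private"] = is_private(hop["helo"])
        hops.append(hop)
    return hops

def date_skew_seconds(raw):  # client-written Date vs. the submission hop's clock
    date = to_utc(message_from_string(raw)["Date"])
    return (parse_hops(raw)[-1]["utc"] - date).total_seconds()
```

The peer IP together with the UTC timestamp is what an ISP's abuse desk needs to match the connection to a subscriber line, and the authenticated-sender field shows which account's credentials were used to log in.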