Understand Email header

Posted on 2014-07-31
Last Modified: 2014-07-31
One of my email accounts apparently was hacked??? I had an account where I work that was tcox@xxxxxxx.com. I got married and got a new address of tgill@xxxxxxx.com. Our email is hosted by a third party. It is a "violation" to send more than 250 emails (that are "alike") or they consider it spam and it is not allowed. We know all this. I left the tcox account active, with a forward to my new account, until I could get all my contacts and business associates notified.
A couple of weeks ago, I received notice from our vendor that the account was disabled because somehow, someone used the tcox account and tried to send 600+ emails.
The only thing they provided to me was this (and a list of recipients):

Received: by smtp18.relay.iad3a.emailsrvr.com (Authenticated sender: tcox-AT-exxxxxxx.com) with ESMTPSA id E11B3280403;
      Sat, 19 Jul 2014 17:25:27 -0400 (EDT)
X-Sender-Id: tcox@xxxxxx.com
Received: from 192.168.198.33 (95-178-182-243.dsl.optinet.hr [95.178.182.243])
      (using TLSv1.1 with cipher DHE-RSA-AES256-SHA)
      by 0.0.0.0:587 (trex/5.2.10);
      Sat, 19 Jul 2014 21:25:29 GMT
MIME-Version: 1.0
Date: Sat, 19 Jul 2014 11:25:25 -1000
Message-ID: <Wp63JsoUA0dLdSHxmQ6VSywL6kMus4b6xFhSVOLPsOyDP1qV03RMDosbaQ9@mail.gmail.com>
Subject: What time did you get to the party?
From: Tcox <tcox@xxxxxxx.com>
To: nolieslife@aol.com
Content-Type: multipart/alternative; boundary=29dc002358cf95bd629ca154efd5e8314d347ce43

Content-Type: text/plain; charset=UTF-8

I came about midnight, there were a lot of people there, but i could find you, I've been there for hour or so and than got to Marie's bad, did you have fun? http://bitly.com/1mrzqHM

Content-Type: text/html; charset=UTF-8

<p dir="ltr">I came about midnight, there were a lot of people there, but i could find you, I've been there for hour or so and than got to Marie's bad, did you have fun? <a href="http://bitly.com/1mrzqHM">http://bitly.com/1mrzqHM</a></p>


According to our vendor, there is no way to tell how this happened. IS THERE ANY WAY TO TRACE THIS BACK?
Question by:bankwest
Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40232780
The "Received:" line tells where it came from.  But that is an IP address connected to that ISP.  It is not possible to definitively identify a person from that info.  Plus that part of an email header can be faked.

The 'how' is that someone got your login for that account.  Spammers spend all day trying to break into email accounts by guessing passwords.  Sometimes they guess right.  When they do, they send a lot of email.
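
The fields discussed above can be pulled out of the quoted headers mechanically. The following is an added example, not part of the original question or answer; it assumes the conventional `from <HELO name> (<reverse DNS> [<connecting IP>])` layout for Received lines, and `parse_received` and `summarize` are hypothetical helper names.

```python
import ipaddress, re
from email import message_from_string
from email.utils import parsedate_to_datetime

# The two Received lines quoted in the question (domain redacted as on the page).
SAMPLE = """\
Received: by smtp18.relay.iad3a.emailsrvr.com (Authenticated sender: tcox-AT-exxxxxxx.com) with ESMTPSA id E11B3280403;
      Sat, 19 Jul 2014 17:25:27 -0400 (EDT)
Received: from 192.168.198.33 (95-178-182-243.dsl.optinet.hr [95.178.182.243])
      (using TLSv1.1 with cipher DHE-RSA-AES256-SHA)
      by 0.0.0.0:587 (trex/5.2.10);
      Sat, 19 Jul 2014 21:25:29 GMT
"""

FIELDS = [  # assumed layout: from <HELO> (<rDNS> [<IP>]) ... with <protocol> ...
    re.compile(r"\bfrom\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"),
    re.compile(r"Authenticated sender:\s*(?P<auth_user>[^)\s]+)"),
    re.compile(r"\bwith\s+(?P<protocol>(?:E?SMTP|LMTP)S?A?)\b"),
    re.compile(r"using\s+(?P<tls>TLS\S+)\s+with\s+cipher\s+(?P<cipher>[^\s)]+)"),
]

def parse_received(value):
    value = " ".join(value.split())          # unfold continuation lines
    trace, _, stamp = value.rpartition(";")  # the timestamp follows the last ';'
    hop = {"time": parsedate_to_datetime(stamp.strip())}
    for rx in FIELDS:
        m = rx.search(trace)
        if m:
            hop.update(m.groupdict())
    return hop

def summarize(raw):
    msg = message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    origin = next((h for h in hops if "ip" in h), {})
    auth = next((h for h in hops if "auth_user" in h), {})
    notes = []
    try:  # the name right after "from" is whatever the client sent in HELO/EHLO
        if ipaddress.ip_address(origin.get("helo", "")).is_private:
            notes.append("HELO is a private address; use the bracketed IP instead")
    except ValueError:
        pass  # HELO was a hostname, not an IP literal
    if auth.get("protocol", "").endswith("A"):  # RFC 3848: trailing A = SMTP AUTH
        notes.append("sent with the account's own credentials (SMTP AUTH)")
    return {"client_ip": origin.get("ip"), "rdns": origin.get("rdns"),
            "auth_user": auth.get("auth_user"), "notes": notes, "hops": hops}
```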