Solved

Understand Email header

Posted on 2014-07-31
1
518 Views
Last Modified: 2014-07-31
One of my email accounts apparently was hacked???    I had an account where I work that was tcox@xxxxxxx.com    I got married and got a new address of tgill@xxxxxxx.com      Our email is hosted by a third party.    It is "violation" to send more than 250 emails (that are alike") or they consider it spam and is not allowed.   We know all this.    I left tcox account active, with a forward to my new account until I could get all my contacts and business associates notified.
A couple weeks ago, I received notice from our vendor that the account was disabled because somehow, someone used the tcox account and tried to send 600+ emails.
The only thing they provided to me was this:  (and a list of recipients)

Received: by smtp18.relay.iad3a.emailsrvr.com (Authenticated sender: tcox-AT-exxxxxxx.com) with ESMTPSA id E11B3280403;
      Sat, 19 Jul 2014 17:25:27 -0400 (EDT)
X-Sender-Id: tcox@xxxxxx.com
Received: from 192.168.198.33 (95-178-182-243.dsl.optinet.hr [95.178.182.243])
      (using TLSv1.1 with cipher DHE-RSA-AES256-SHA)
      by 0.0.0.0:587 (trex/5.2.10);
      Sat, 19 Jul 2014 21:25:29 GMT
MIME-Version: 1.0
Date: Sat, 19 Jul 2014 11:25:25 -1000
Message-ID: <Wp63JsoUA0dLdSHxmQ6VSywL6kMus4b6xFhSVOLPsOyDP1qV03RMDosbaQ9@mail.gmail.com>
Subject: What time did you get to the party?
From: Tcox <tcox@xxxxxxx.com>
To: nolieslife@aol.com
Content-Type: multipart/alternative; boundary=29dc002358cf95bd629ca154efd5e8314d347ce43

Content-Type: text/plain; charset=UTF-8

I came about midnight, there were a lot of people there, but i could find you, I've been there for hour or so and than got to Marie's bad, did you have fun? http://bitly.com/1mrzqHM

Content-Type: text/html; charset=UTF-8

<p dir="ltr">I came about midnight, there were a lot of people there, but i could find you, I've been there for hour or so and than got to Marie's bad, did you have fun? <a href="http://bitly.com/1mrzqHM">http://bitly.com/1mrzqHM</a></p>


According to our vendor, there is no way to tell how this happened.     IS THERE ANY WAY TO TRACE THIS BACK?
0
Comment
Question by:bankwest
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40232780
The "Received:" line tells where it came from.  But that is an IP address connected to that ISP.  It is not possible to definitively identify a person from that info.  Plus that part of an email header can be faked.

The 'how' is that someone got your login for that account.  Spammers spend all day trying to break into email accounts by guessing passwords.  Sometimes they guess right.  When they do, they send a lot of email.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question