[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Email hacked?

Posted on 2016-08-18
3
Medium Priority
?
221 Views
Last Modified: 2016-08-18
How can I tell if this was sent from our pop3, or if it just spoofed our email address? I received a suspicious looking email, so I clicked on it and chose "Message Options", then "Internet Headers".  Does this tell you whether the email came from us?

Received: from CONTUSO3 (127.0.0.1) by CONTUSO3.contuso.local
 (127.0.0.1) with Microsoft SMTP Server id 8.1.436.0; Thu, 18 Aug 2016
 03:08:22 -0500
Received: by [CONTUSO3.contuso.local (Microsoft Connector for POP3
 Mailboxes)] id <"{732EC142-7413-40A4-8D66-40E2F5000B9F}"@contuso.local>;
 Thu, 18 Aug 2016 03:08:12 -0500
Resent-Sender: <pop3connector@contuso.local>
Received: from spamappliance.filterservice.net ([206.220.200.250])        by
 mail.filterservice.net (filterservice.net Mail Server) with SMTP id GQW32710        for
 <joe@contuso.com>; Thu, 18 Aug 2016 01:04:10 -0700
Received: from o2.email.goodrx.com ([167.89.56.103])          by
 spamappliance.filterservice.net ({b4b26338-9a18-4b5f-aa5a-88d68e664c57})          via
 TCP (inbound) with ESMTPS id 20160818080401290_0000          for
 <joe@contuso.com>;          Thu, 18 Aug 2016 08:04:01 +0000
X-RC-FROM: <bounces+826630-03ee-joe=contuso.com@email.goodrx.com>
X-RC-RCPT: <joe@contuso.com>
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=email.goodrx.com;
      h=content-type:from:mime-version:subject:to:list-unsubscribe;
      s=smtpapi; bh=nI0ETc4siUeeqE0aW6ByUW4XW+o=; b=N3patISXSK3cOYj5p4
      /QRPSP+EXm1T6EC7mqTMUiMhCVkYX6o9/PWZjninTXnTeN+joqDP6TnarZAo26io
      hbRzURcYknX5HTNZ4xUtx0u7FdgYKaOMGzHB8m9K9hshIz98HhCMY0JE0q/ChBv2
      v8qP2ON1lwIfhyPrXC0DoLUAE=
Received: by filter0196p1las1.sendgrid.net with SMTP id
 filter0196p1las1.6001.57B56BEB14        2016-08-18 08:03:55.481860943 +0000
 UTC
Received: from ODI2NjMw (ec2-204-236-149-232.us-west-1.compute.amazonaws.com
 [204.236.149.232])      by ismtpd0012p1las1.sendgrid.net (SG) with HTTP id
 z6Fo25xKSE6khE_UgRnBsA      for <joe@contuso.com>; Thu, 18 Aug 2016
 08:03:55.485 +0000 (UTC)
Content-Type: multipart/alternative;
      boundary="2a0f4bf16df38ca334295a378b6f9d8bad776c1ec847cf9de6c38434c1c4"
Date: Thu, 18 Aug 2016 08:03:55 +0000
From: GoodRx <no-reply@goodrx.com>
MIME-Version: 1.0
Subject: GoodRx - Your My Rx account is set up!
To: joe@contuso.com
Message-ID: <z6Fo25xKSE6khE_UgRnBsA@ismtpd0012p1las1.sendgrid.net>
X-SG-EID: FS+2Csyt4B3n1VYAYljlhEsaD3WbVuLN4l24TDbAQo0GOPWxUD5Smxde8YRKb738eLK1Sh/dW9CgMN
 s+GXH7UeQq23NALueVOAB/fhJIrUXEZJ9zecVPi+gQsL/bNDR+rISOZaKutqWOQ/whoNmiN6aqY6W0
 15/xsZ81oeazn99y139OKOuEGLc/hWszjoZpShh/Bacsq6ugAVR2LxupHQ==
X-SG-ID: lBO1GoPdSkYXCKIlFaV4t2paGB1f9MgO+qgYEqU7DuDHvFWy8uCnMTYbDjkSnKk94XmeMx+DtUtBTO
 K+MMUxJWruI7mISPviPSALcnIvKq0=
List-Unsubscribe: <http://email.goodrx.com/wf/unsubscribe?upn=5EkAOyONdohov9wua-2ByXWZKFHZErHyck-2Fabbq6t49m-2FGXHCadd5JUVXD11gAKnNXRIhOPFjMUnGj3iX7s4ODl1v-2FmMoEHHniSQyZyyQR0ZV0xtB7RdRdh9pOXaNVZJfzu7eqBIWcEQHN8u0C8gzLuN6L8XHPqYdQGxWRcH-2FyLfVzgwJh7M-2FdwJepmesuJFdeqtvv8pdF-2F-2FhrWSycpSsOf7ZU7mDRvVub-2BW8xR5jW6stjboEakN3GbKyIsm0r9dhaLSqR2HlMWigeN6xEBzLVkG30siJRvGTrlznYWCpGadGwUB-2FLUdAIfgIr-2Bx3dE67Y>, <mailto:unsubscribe@email.goodrx.com?subject=http://email.goodrx.com/wf/unsubscribe*q*upn=5EkAOyONdohov9wua-2ByXWZKFHZErHyck-2Fabbq6t49m-2FGXHCadd5JUVXD11gAKnNXRIhOPFjMUnGj3iX7s4ODl1v-2FmMoEHHniSQyZyyQR0ZV0xtB7RdRdh9pOXaNVZJfzu7eqBIWcEQHN8u0C8gzLuN6L8XHPqYdQGxWRcH-2FyLfVzgwJh7M-2FdwJepmesuJFdeqtvv8pdF-2F-2FhrWSycpSsOf7ZU7mDRvVub-2BW8xR5jW6stjboEakN3GbKyIsm0r9dhaLSqR2HlMWigeN6xEBzLVkG30siJRvGTrlznYWCpGadGwUB-2FLUdAIfgIr-2Bx3dE67Y>
Return-Path: no-reply@goodrx.com
X-MS-Exchange-Organization-PRD: contuso.local
X-MS-Exchange-Organization-SenderIdResult: None
Received-SPF: None (CONTUSO3.contuso.local:
 pop3connector@contuso.local does not designate permitted sender hosts)
X-MS-Exchange-Organization-SCL: 6
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report:
 DV:3.3.5705.600;SID:SenderIDStatus None;OrigIP:206.220.200.250
0
Comment
Question by:wfcrr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 98

Accepted Solution

by:
John Hurst earned 2000 total points
ID: 41761253
Message-ID: <z6Fo25xKSE6khE_UgRnBsA@ismtpd0012p1las1.sendgrid.net>

Sendgrid.net is a big source of spam and fraud. I got "bank" alerts from them.

Delete them - do NOT open.
0
 

Author Closing Comment

by:wfcrr
ID: 41761270
Thank you!
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 41761272
You are very welcome. I hate Sendgrid, mostly because they won't kick the spammers out.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Changing a few Outlook Options can help keep you organized!
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question