Solved

Email hacked?

Posted on 2016-08-18
Last Modified: 2016-08-18
How can I tell if this was sent from our pop3, or if it just spoofed our email address? I received a suspicious-looking email, so I clicked on it and chose "Message Options", then "Internet Headers". Does this tell you whether the email came from us?

Received: from CONTUSO3 (127.0.0.1) by CONTUSO3.contuso.local
 (127.0.0.1) with Microsoft SMTP Server id 8.1.436.0; Thu, 18 Aug 2016
 03:08:22 -0500
Received: by [CONTUSO3.contuso.local (Microsoft Connector for POP3
 Mailboxes)] id <"{732EC142-7413-40A4-8D66-40E2F5000B9F}"@contuso.local>;
 Thu, 18 Aug 2016 03:08:12 -0500
Resent-Sender: <pop3connector@contuso.local>
Received: from spamappliance.filterservice.net ([206.220.200.250])        by
 mail.filterservice.net (filterservice.net Mail Server) with SMTP id GQW32710        for
 <joe@contuso.com>; Thu, 18 Aug 2016 01:04:10 -0700
Received: from o2.email.goodrx.com ([167.89.56.103])          by
 spamappliance.filterservice.net ({b4b26338-9a18-4b5f-aa5a-88d68e664c57})          via
 TCP (inbound) with ESMTPS id 20160818080401290_0000          for
 <joe@contuso.com>;          Thu, 18 Aug 2016 08:04:01 +0000
X-RC-FROM: <bounces+826630-03ee-joe=contuso.com@email.goodrx.com>
X-RC-RCPT: <joe@contuso.com>
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=email.goodrx.com;
      h=content-type:from:mime-version:subject:to:list-unsubscribe;
      s=smtpapi; bh=nI0ETc4siUeeqE0aW6ByUW4XW+o=; b=N3patISXSK3cOYj5p4
      /QRPSP+EXm1T6EC7mqTMUiMhCVkYX6o9/PWZjninTXnTeN+joqDP6TnarZAo26io
      hbRzURcYknX5HTNZ4xUtx0u7FdgYKaOMGzHB8m9K9hshIz98HhCMY0JE0q/ChBv2
      v8qP2ON1lwIfhyPrXC0DoLUAE=
Received: by filter0196p1las1.sendgrid.net with SMTP id
 filter0196p1las1.6001.57B56BEB14        2016-08-18 08:03:55.481860943 +0000
 UTC
Received: from ODI2NjMw (ec2-204-236-149-232.us-west-1.compute.amazonaws.com
 [204.236.149.232])      by ismtpd0012p1las1.sendgrid.net (SG) with HTTP id
 z6Fo25xKSE6khE_UgRnBsA      for <joe@contuso.com>; Thu, 18 Aug 2016
 08:03:55.485 +0000 (UTC)
Content-Type: multipart/alternative;
      boundary="2a0f4bf16df38ca334295a378b6f9d8bad776c1ec847cf9de6c38434c1c4"
Date: Thu, 18 Aug 2016 08:03:55 +0000
From: GoodRx <no-reply@goodrx.com>
MIME-Version: 1.0
Subject: GoodRx - Your My Rx account is set up!
To: joe@contuso.com
Message-ID: <z6Fo25xKSE6khE_UgRnBsA@ismtpd0012p1las1.sendgrid.net>
X-SG-EID: FS+2Csyt4B3n1VYAYljlhEsaD3WbVuLN4l24TDbAQo0GOPWxUD5Smxde8YRKb738eLK1Sh/dW9CgMN
 s+GXH7UeQq23NALueVOAB/fhJIrUXEZJ9zecVPi+gQsL/bNDR+rISOZaKutqWOQ/whoNmiN6aqY6W0
 15/xsZ81oeazn99y139OKOuEGLc/hWszjoZpShh/Bacsq6ugAVR2LxupHQ==
X-SG-ID: lBO1GoPdSkYXCKIlFaV4t2paGB1f9MgO+qgYEqU7DuDHvFWy8uCnMTYbDjkSnKk94XmeMx+DtUtBTO
 K+MMUxJWruI7mISPviPSALcnIvKq0=
List-Unsubscribe: <http://email.goodrx.com/wf/unsubscribe?upn=5EkAOyONdohov9wua-2ByXWZKFHZErHyck-2Fabbq6t49m-2FGXHCadd5JUVXD11gAKnNXRIhOPFjMUnGj3iX7s4ODl1v-2FmMoEHHniSQyZyyQR0ZV0xtB7RdRdh9pOXaNVZJfzu7eqBIWcEQHN8u0C8gzLuN6L8XHPqYdQGxWRcH-2FyLfVzgwJh7M-2FdwJepmesuJFdeqtvv8pdF-2F-2FhrWSycpSsOf7ZU7mDRvVub-2BW8xR5jW6stjboEakN3GbKyIsm0r9dhaLSqR2HlMWigeN6xEBzLVkG30siJRvGTrlznYWCpGadGwUB-2FLUdAIfgIr-2Bx3dE67Y>, <mailto:unsubscribe@email.goodrx.com?subject=http://email.goodrx.com/wf/unsubscribe*q*upn=5EkAOyONdohov9wua-2ByXWZKFHZErHyck-2Fabbq6t49m-2FGXHCadd5JUVXD11gAKnNXRIhOPFjMUnGj3iX7s4ODl1v-2FmMoEHHniSQyZyyQR0ZV0xtB7RdRdh9pOXaNVZJfzu7eqBIWcEQHN8u0C8gzLuN6L8XHPqYdQGxWRcH-2FyLfVzgwJh7M-2FdwJepmesuJFdeqtvv8pdF-2F-2FhrWSycpSsOf7ZU7mDRvVub-2BW8xR5jW6stjboEakN3GbKyIsm0r9dhaLSqR2HlMWigeN6xEBzLVkG30siJRvGTrlznYWCpGadGwUB-2FLUdAIfgIr-2Bx3dE67Y>
Return-Path: no-reply@goodrx.com
X-MS-Exchange-Organization-PRD: contuso.local
X-MS-Exchange-Organization-SenderIdResult: None
Received-SPF: None (CONTUSO3.contuso.local:
 pop3connector@contuso.local does not designate permitted sender hosts)
X-MS-Exchange-Organization-SCL: 6
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report:
 DV:3.3.5705.600;SID:SenderIDStatus None;OrigIP:206.220.200.250
Question by:wfcrr
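
One way to read the header block in the question, as an added example that is not part of the original post or its replies: walk the Received chain from the newest hop down, stop at the first hop not stamped by a server you operate, and compare the From and DKIM `d=` domains with your own. The function name `trace_origin`, the choice to treat `filterservice.net` as a trusted relay, and the trimmed sample are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Trimmed copy of the headers posted above (ids and long tokens shortened).
SAMPLE = """\
Received: from CONTUSO3 (127.0.0.1) by CONTUSO3.contuso.local (127.0.0.1)
 with Microsoft SMTP Server id 8.1.436.0; Thu, 18 Aug 2016 03:08:22 -0500
Received: by [CONTUSO3.contuso.local (Microsoft Connector for POP3
 Mailboxes)]; Thu, 18 Aug 2016 03:08:12 -0500
Received: from spamappliance.filterservice.net ([206.220.200.250]) by
 mail.filterservice.net with SMTP id GQW32710; Thu, 18 Aug 2016 01:04:10 -0700
Received: from o2.email.goodrx.com ([167.89.56.103]) by
 spamappliance.filterservice.net with ESMTPS; Thu, 18 Aug 2016 08:04:01 +0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=email.goodrx.com; s=smtpapi
Received: by filter0196p1las1.sendgrid.net with SMTP id
 filter0196p1las1.6001.57B56BEB14 2016-08-18 08:03:55 +0000 UTC
From: GoodRx <no-reply@goodrx.com>
To: joe@contuso.com

"""

def trace_origin(raw, trusted_suffixes, our_domains):
    """Find where a message entered servers we trust and whose name it uses."""
    msg = message_from_string(raw)
    handoff = None
    for value in msg.get_all("Received", []):       # newest hop is listed first
        hop = " ".join(value.split())               # undo header folding
        by = re.search(r"\bby \[?([^\s\]]+)", hop)
        if not by or not by.group(1).lower().endswith(trusted_suffixes):
            break    # stamped by a server we do not run: could be forged
        sender = re.search(r"\bfrom (\S+)", hop)
        if sender:
            handoff = sender.group(1).lower()       # host that handed mail to us
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # d= only names the signer; this does not verify the signature itself.
    dkim = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    return {
        "handoff_host": handoff,
        "from_domain": from_domain,
        "dkim_domain": dkim.group(1).lower() if dkim else None,
        "claims_our_domain": from_domain in our_domains,
    }

if __name__ == "__main__":
    print(trace_origin(SAMPLE, (".contuso.local", ".filterservice.net"),
                       ("contuso.com", "contuso.local")))
```

Only the hops written by servers you control are reliable; everything below the first untrusted `by` host is supplied by the sending side and is ignored here.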
Accepted Solution

by: John Hurst earned 500 total points
Message-ID: <z6Fo25xKSE6khE_UgRnBsA@ismtpd0012p1las1.sendgrid.net>

Sendgrid.net is a big source of spam and fraud. I got "bank" alerts from them.

Delete them - do NOT open.

Author Closing Comment

by:wfcrr
Thank you!
Expert Comment

by:John Hurst
You are very welcome. I hate Sendgrid, mostly because they won't kick the spammers out.