This stuff is about as common as it gets in email. No decent mail admin would block an email address. Most spam filters are way more sophisticated than that. I am going to say that 99% of spam is spoofed to look like it came from some real but unrelated address. There is even a name for the messages you get when a spammer uses your email address -- backscatter. If your client is getting messages that say they are sending spam, that's called backscatter. No decent mail admin sends backscatter either. Your client may be getting messages from people they actually know asking what's up. Technically, that's probably backscatter but it is a little different. Even so, it's about as common an occurrence as there is in mail admin. The only thing you should be worried about is that the client's contact list may have been stolen. Maybe not, spammers sometimes guess those things. But your client should take the usual steps to protect their account. Scan for malware/viruses, change password, etc.
On 11/19/2014 04:07 PM, Frank Ventura wrote:
Scott, thanks very much. I think it may be South Korea. I have a client who is having email sent with her name in the display field and her name in the subject field to everyone in her address book and it is coming from that IP. For example if her name was Jane Doe the display field would read "Jane Doe" and the subject line would be something like "From Jane Doe". The reply to email field is a seemingly legit email address that is not familiar to her. The spam was sent to every address in her contacts. She uses Yahoo and accesses her email from a variety of locations (I know, I have lectured her about that), and it doesn't look like her account is being used for this, but the contact addresses came from it. I am pretty concerned about this because I am worried that since her name appears in the subject line of this spam automatic spam traps will associate the string of characters in her name and get her real email on some sort of RTBL. Anyone have any ideas as to how to proceed? Thanks Frank
-----Original Message-----
From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Scott Granados
Sent: Wednesday, November 19, 2014 12:32 PM
To: Blind sysadmins list
Subject: Re: [Blind-sysadmins] Can't identify the source of an email
From a unix prompt
whois -h whois.arin.net a.b.c.d
that refers to APNIC
Thanks Scott
On Nov 19, 2014, at 12:25 PM, Frank Ventura <frank.ventura@littlebreezes.com> wrote:
Scott, thanks I suspected Pacific rim with the lengthy roundtrip time. How did you determine it was registered through APNIC? I couldn't find that. Thanks a million Frank
-----Original Message-----
From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Scott Granados
Sent: Wednesday, November 19, 2014 12:18 PM
To: Blind sysadmins list
Subject: Re: [Blind-sysadmins] Can't identify the source of an email
Looks to be originating from Asia, probably China.
Space is registered through APNIC and pings at about 256 ms from the east coast so that's somewhere in Asia.
On Nov 19, 2014, at 12:03 PM, Frank Ventura <frank.ventura@littlebreezes.com> wrote:
Hi all, can anyone find out where 1.247.239.156 is located? I am trying to track the source of a message from the headers (complete headers below my signature). I believe it was sent from Mac mail from the IP 1.247.239.156, however the MX lookup tools I tried can find no info on it. If anyone can find info on it I would be much appreciative and would like to know what IP lookup tool/site you used. Thanks Frank
Received: from imta01.potomac.co.businessclass.comcast.net (76.96.111.6) by PO3HUB02.po3.comcast.net (172.28.120.83) with Microsoft SMTP Server id 8.2.176.0; Wed, 19 Nov 2014 05:09:15 -0700
Received: from gateway09.websitewelcome.com ([67.18.22.68]) by imta01.potomac.co.businessclass.comcast.net with bizsmtp id HQ9F1p00A1U8Qlv01Q9Fxe; Wed, 19 Nov 2014 12:09:15 +0000
X-Authority-Analysis: v=2.1 cv=bOkvfpOZ c=1 sm=1 tr=0 a=O8dMqjIdXSYa24Dqlu27Ng==:117 a=jKXCHJlMi5F8DUgzl1pw/w==:17 a=8FReB3YSAAAA:8 a=C_IRinGWAAAA:8 a=GGcpBh7Jt_oA:10 a=1Ba1OpodAAAA:8 a=9ljd86bzAAAA:8 a=5y4faFyK3SkA:10 a=MmKI78uIAAAA:8 a=ONDYxRQITLK1j6iyI8QA:9 a=CjuIK1q_8ugA:10 a=AvFDL4lGemcA:10 a=btCkTeil33UA:10 a=jyd_aXC4MeMA:10 a=SRTwvUNFsXIA:10 a=J-sL2Nj7dvPPwdFPHhMA:9 a=9sHIHh8haYN-1S6t:21 a=_W_S_7VecoQA:10
Received: by gateway09.websitewelcome.com (Postfix, from userid 507) id 8E26FFD80CB1B; Wed, 19 Nov 2014 06:09:13 -0600 (CST)
Received: from cm2.websitewelcome.com (unknown [192.185.178.13]) by gateway09.websitewelcome.com (Postfix) with ESMTP id 3EF3EFD80CA47 for <frank.ventura@littlebreezes.com>; Wed, 19 Nov 2014 06:09:13 -0600 (CST)
Received: from gator3052.hostgator.com ([50.87.144.67]) by cm2.websitewelcome.com with id HQ9B1p0191TTqGJ01Q9CWn; Wed, 19 Nov 2014 06:09:13 -0600
Received: from [1.247.239.156] (port=5466 helo=dsbworld.com) by gator3052.hostgator.com with esmtpa (Exim 4.82) (envelope-from <rob@dsbworld.com>) id 1Xr44J-0007nL-JY; Wed, 19 Nov 2014 06:09:08 -0600
From: vivian nash <rob@dsbworld.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_----=_NextPart_000_AC3F_5DBF8C02.323F0328"
Subject: from vivian nash
Message-ID: <6849dc53062b$71d0bb74$83e0ced0$@dsbworld.com>
Date: Wed, 19 Nov 2014 01:08:56 +0000
To: "Frank Ventura" <frankv8@aol.com>, "Frank Ventura" <frank@littlebreezes.com>, "Frank Ventura" <frank.ventura@littlebreezes.com>, "Vicki Citron" <citronmusic@gmail.com>, "=?ISO-8859-1?Q?Dvortsov=2C_Victor?=" <Victor.Dvortsov@morganstanley.com>, "Victor" <victor@bostoncremation.org>, "victor dvortsov" <victor_dvortsov@yahoo.com>, "violavivagain" <violavivagain@gmail.com>, "Zenta Walther" <zenta.walther@yale.edu>, "Anne Warner" <warnertaub@aol.com>, "Benjamin Weil" <benjweil@gmail.com>, "Rich Weiner" <RWeiner@aafcpa.com>, "=?ISO-8859-1?Q?Swenson=2C_William?=" <WSwenson@tiaa-cref.org>, "David Williams" <dwilliams@tiac.net>, "Stephanie Wingfield" <s_wingfield@hotmail.com>, "Vin Winters" <vin@westonkitchens.com>, "Jane Wiseman" <jane.wiseman@carroll.org>, "wmacknight" <wmacknight@polysci.umass.edu>, "Jan Woiler" <jwoiler@aol.com>, "Scott Woolweaver" <swoolweaver@hotmail.com>
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator3052.hostgator.com
X-AntiAbuse: Original Domain - littlebreezes.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - dsbworld.com
X-BWhitelist: no
X-Source-IP: 1.247.239.156
X-Exim-ID: 1Xr44J-0007nL-JY
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (dsbworld.com) [1.247.239.156]:5466
X-Source-Auth: rob@dsbworld.com
X-Email-Count: 98
X-Source-Cap: d2dwcm9kO3dncHJvZDtnYXRvcjMwNTIuaG9zdGdhdG9yLmNvbQ==
Return-Path: rob@dsbworld.com
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
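Added example, not part of the original thread: reading the Received chain of the message quoted above from newest to oldest hop, then cross-checking the oldest hop against the X-Source-IP header stamped by the same server. The header text is copied from the post; the names hops and origin are made up for this illustration. Received lines below the first server you trust can be forged, so the oldest line is only as reliable as the server that wrote it.

```python
import email
import ipaddress
import re

# Trace headers copied from the message quoted in this thread (other headers omitted).
RAW = """\
Received: from imta01.potomac.co.businessclass.comcast.net (76.96.111.6)
 by PO3HUB02.po3.comcast.net (172.28.120.83) with Microsoft SMTP Server
 id 8.2.176.0; Wed, 19 Nov 2014 05:09:15 -0700
Received: from gateway09.websitewelcome.com ([67.18.22.68])
 by imta01.potomac.co.businessclass.comcast.net with bizsmtp
 id HQ9F1p00A1U8Qlv01Q9Fxe; Wed, 19 Nov 2014 12:09:15 +0000
Received: by gateway09.websitewelcome.com (Postfix, from userid 507)
 id 8E26FFD80CB1B; Wed, 19 Nov 2014 06:09:13 -0600 (CST)
Received: from cm2.websitewelcome.com (unknown [192.185.178.13])
 by gateway09.websitewelcome.com (Postfix) with ESMTP id 3EF3EFD80CA47
 for <frank.ventura@littlebreezes.com>; Wed, 19 Nov 2014 06:09:13 -0600 (CST)
Received: from gator3052.hostgator.com ([50.87.144.67])
 by cm2.websitewelcome.com with id HQ9B1p0191TTqGJ01Q9CWn;
 Wed, 19 Nov 2014 06:09:13 -0600
Received: from [1.247.239.156] (port=5466 helo=dsbworld.com)
 by gator3052.hostgator.com with esmtpa (Exim 4.82)
 (envelope-from <rob@dsbworld.com>) id 1Xr44J-0007nL-JY;
 Wed, 19 Nov 2014 06:09:08 -0600
X-Source-IP: 1.247.239.156

"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby (\S+)")

def hops(raw):
    """(client IP, recording host) per Received header, newest hop first."""
    out = []
    for value in email.message_from_string(raw).get_all("Received", []):
        value = " ".join(value.split())  # unfold continuation lines
        # Only the "from ..." clause names the client; "by" is the recorder.
        client = value.split(" by ", 1)[0] if value.startswith("from ") else ""
        ip, by = IP_RE.search(client), BY_RE.search(value)
        out.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return out

def origin(raw):
    """Oldest hop: the IP the first receiving server saw, cross-checked
    against X-Source-IP, plus whether it is publicly routable."""
    ip, by = hops(raw)[-1]
    stamped = email.message_from_string(raw).get("X-Source-IP", "").strip()
    return ip, by, stamped == ip, ipaddress.ip_address(ip).is_global
```

The address returned by origin(RAW) is the one to pass to the `whois -h whois.arin.net` lookup shown in the thread.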