Fake emails?

  • drfsupercenter
    NOT an online superstore
    • Oct 2005
    • 4424

    Fake emails?

    Here's the story... My mom was complaining that she has been getting several emails from her to her, that she didn't send. I viewed the message source, and got what is below. My last name I replaced with ######, for security reasons.

    Fake Email is the email in question, Real Email was one I sent from her, legitimately, and the third one I sent from my Yahoo email to hers.


    Fake Email:

    Return-Path: <jr######@wideopenwest.com>
    Received: from smtp-3.wideopenwest.com (smtp-3.wideopenwest.com [10.75.2.3])
    by pop-15.wideopenwest.com (8.12.11/8.12.11) with ESMTP id k55NOhnX013574
    for <jr######@wideopenwest.com>; Mon, 5 Jun 2006 18:24:43 -0500
    Received: from psmtp.com (exprod7mx62.postini.com [64.18.2.64])
    by smtp-3.wideopenwest.com (8.11.6/8.11.6) with SMTP id k55NU3i08370
    for <jr######@wideopenwest.com>; Mon, 5 Jun 2006 18:30:05 -0500
    Received: from source ([68.248.28.66]) by exprod7mx62.postini.com ([64.18.6.10]) with SMTP;
    Mon, 05 Jun 2006 16:30:03 PDT
    Date: Mon, 05 Jun 2006 19:34:18 -0500
    To: "Jr######" <jr######@wideopenwest.com>
    From: "Jr######" <jr######@wideopenwest.com>
    Subject: 455
    Message-ID: <qskbkpatfkmfzyyuwaj@wideopenwest.com>
    MIME-Version: 1.0
    Content-Type: text/html; charset="us-ascii"
    Content-Transfer-Encoding: 7bit
    X-pstn-levels: (S: 0.15508/99.24933 )
    X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1
    X-pstn-addresses: from <jr######@wideopenwest.com> forward (org good) [db-null]
    X-UIDL: ?e5"!!f##!1Yh!!L27"!

    <html><body>
    5556

    <br>
    </body></html>


    Real Email:

    Return-Path: <jr######@wideopenwest.com>
    Received: from FamilyRoom (d47-69-171-231.try.wideopenwest.com [69.47.231.171])
    by pop-8.dnv.wideopenwest.com (8.12.8/8.12.8) with SMTP id k55NrRGl030842
    for <jr######@wideopenwest.com>; Mon, 5 Jun 2006 18:53:28 -0500
    Message-ID: <004901c688fb$47dccf60$6501a8c0@FamilyRoom>
    From: "Jennifer ######" <jr######@wideopenwest.com>
    To: "Jennifer ######" <jr######@wideopenwest.com>
    Subject: test
    Date: Mon, 5 Jun 2006 19:53:43 -0400
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0046_01C688D9.C002FD60"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.2869
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
    X-UIDL: Q[4!!?cO"!:4-#!"Jg"!

    This is a multi-part message in MIME format.

    ------=_NextPart_000_0046_01C688D9.C002FD60
    Content-Type: text/plain;
    charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable

    sdgfafgh
    ------=_NextPart_000_0046_01C688D9.C002FD60
    Content-Type: text/html;
    charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML><HEAD>
    <META http-equiv=3DContent-Type content=3D"text/html; =
    charset=3Diso-8859-1">
    <META content=3D"MSHTML 6.00.2900.2873" name=3DGENERATOR>
    <STYLE></STYLE>
    </HEAD>
    <BODY bgColor=3D#ffffff>
    <DIV><STRONG><FONT face=3D"BauerBodni BT"=20
    color=3D#800080>sdgfafgh</FONT></STRONG></DIV></BODY></HTML>

    ------=_NextPart_000_0046_01C688D9.C002FD60--


    Email From My Yahoo Account:

    Return-Path: <drfsupercenter@yahoo.com>
    Received: from smtp-1.wideopenwest.com (smtp-1.wideopenwest.com [10.75.2.1])
    by pop-4.dnv.wideopenwest.com (8.12.11/8.12.11) with ESMTP id k55NuwTk009879
    for <jr######@wideopenwest.com>; Mon, 5 Jun 2006 18:56:58 -0500
    Received: from psmtp.com (exprod7mx64.postini.com [64.18.2.66])
    by smtp-1.wideopenwest.com (8.11.6/8.11.6) with SMTP id k55NwAt04407
    for <jr######@wideopenwest.com>; Mon, 5 Jun 2006 18:58:10 -0500
    Received: from source ([206.190.39.133]) by exprod7mx64.postini.com ([64.18.6.10]) with SMTP;
    Mon, 05 Jun 2006 19:58:10 EDT
    Received: (qmail 74599 invoked by uid 60001); 5 Jun 2006 23:58:09 -0000
    DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
    s=s1024; d=yahoo.com;
    h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
    b=5NF+iCKh38iMZNOk2X4pvzyiG7pyCqWuWISpGatPtO/3jLN6xXmN1ZdH+ldz9+X9TTg/W2hS3uPWT/ysCP6qAMcrfW1m0f1rws1lmFiUdj0DAtO7EwAWBZo8kG6XH6z3 4LUdrBxO5MJvVcrRWtF2m0QKmNP4ub5aqGJybY4u2g4= ;
    Message-ID: <20060605235809.74597.qmail@web51714.mail.yahoo.com>
    Received: from [69.47.231.171] by web51714.mail.yahoo.com via HTTP; Mon, 05 Jun 2006 16:58:09 PDT
    Date: Mon, 5 Jun 2006 16:58:09 -0700 (PDT)
    From: Danny <drfsupercenter@yahoo.com>
    Subject: Test
    To: Jennifer ###### <jr######@wideopenwest.com>
    MIME-Version: 1.0
    Content-Type: multipart/alternative; boundary="0-246866910-1149551889=:70418"
    Content-Transfer-Encoding: 8bit
    X-pstn-levels: (S:27.64241/99.90000 )
    X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1
    X-pstn-addresses: from <drfsupercenter@yahoo.com> [db-null]
    X-UIDL: `Fe!!Wp1!!_GX!!GNm!!

    --0-246866910-1149551889=:70418
    Content-Type: text/plain; charset=iso-8859-1
    Content-Transfer-Encoding: 8bit

    fhjgfasggvh
    __________________________________________________
    Do You Yahoo!?
    Tired of spam? Yahoo! Mail has the best spam protection around
    http://mail.yahoo.com

    --0-246866910-1149551889=:70418
    Content-Type: text/html; charset=iso-8859-1
    Content-Transfer-Encoding: 8bit

    fhjgfasggvh<p>&#32;__________________________________________________<br>Do You Yahoo!?<br>Tired of spam? Yahoo! Mail has the best spam protection around <br>http://mail.yahoo.com
    --0-246866910-1149551889=:70418--

    I have gotten a similar email "from me" too, has anyone else had this happen, or know what this "postini" or that "forward (org good) [db-null]" is?

    Thanks in advance!
    CYA Later:

    d̃ŗf̉śŭp̣ễr̀çëǹt̉ếř
    Visit my website!!

    Cool Characters Make your text cool
    My DVD Collection
  • Chewy
    Super Moderator
    • Nov 2003
    • 18971

    #2
    spamfilter

    now danny

    another spambot, your work is never done


    • drfsupercenter
      NOT an online superstore
      • Oct 2005
      • 4424

      #3
      That's what I told my mom, LOL

      So I don't need to install some sort of special program?

      • Chewy
        Super Moderator
        • Nov 2003
        • 18971

        #4
        I am getting a feeling of déjà vu here, didn't we just do this, clean up your mom's computer?

        you in Michigan, ISP server mail is in California?
        Last edited by Chewy; 6 Jun 2006, 12:17 PM.


        • drfsupercenter
          NOT an online superstore
          • Oct 2005
          • 4424

          #5
          Err, my dad's computer was the one I reformatted most recently, my mom's was the one that got spyware on it and I had to call HP for recovery discs.

          And yes I am in Michigan, no idea where WideOpenWest is located. Maybe somewhere in the Wide Open West?

          • Chewy
            Super Moderator
            • Nov 2003
            • 18971

            #6
            So her computer is clean? Tracing emails is complicated but full headers is the best way. I used to get some weird emails, I would trace servers and then call friends and say you got a virus, the spam and virus filters seem to stop most of this now. A spamming virus will fake the from but can't fake the IP addy.


            • spuddog

              #7
              know what this "postini" is

              It's a web-based e-mail, some ISPs provide it instead of using their own


              • drfsupercenter
                NOT an online superstore
                • Oct 2005
                • 4424

                #8
                Well, all I can find is what I posted. How would I find the IP address?

                @spuddog, does that mean that someone using postini sent the spam?

                • Chewy
                  Super Moderator
                  • Nov 2003
                  • 18971

                  #9
                  looked like your ISP is using postini as a filter, those numbers in your headers are the IP addys

                  206.190.39.133
                  64.18.2.64
                  10.75.2.3

                  do whois lookups and iplocater

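The header walk discussed in posts #6 through #9, as an added example that is not part of the original thread: it reads the Received chain of the "Fake Email" from the first post, newest hop first, and reports the public address that handed the message to the recipient's own mail path. The function names and the `TRUSTED_SUFFIXES` list (the ISP plus its Postini filter) are assumptions of this example.

```python
import email
import ipaddress
import re

# Headers of the "Fake Email" from the first post, redaction kept as posted.
FAKE_EMAIL = """\
Received: from smtp-3.wideopenwest.com (smtp-3.wideopenwest.com [10.75.2.3])
    by pop-15.wideopenwest.com (8.12.11/8.12.11) with ESMTP id k55NOhnX013574
    for <jr######@wideopenwest.com>; Mon, 5 Jun 2006 18:24:43 -0500
Received: from psmtp.com (exprod7mx62.postini.com [64.18.2.64])
    by smtp-3.wideopenwest.com (8.11.6/8.11.6) with SMTP id k55NU3i08370
    for <jr######@wideopenwest.com>; Mon, 5 Jun 2006 18:30:05 -0500
Received: from source ([68.248.28.66]) by exprod7mx62.postini.com ([64.18.6.10]) with SMTP;
    Mon, 05 Jun 2006 16:30:03 PDT
From: "Jr######" <jr######@wideopenwest.com>

5556
"""

# Assumption: servers under these domains form the recipient's own mail path.
TRUSTED_SUFFIXES = ("wideopenwest.com", "postini.com")
HOP_RE = re.compile(r"from\s+(?P<peer>.*?)\s+by\s+(?P<by>\S+)", re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """Return (by_host, peer_ip) for each Received header, newest hop first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        if not m:
            continue  # no from/by pair, e.g. a "(qmail ... invoked by uid ...)" line
        ip = IP_RE.search(m.group("peer"))
        hops.append((m.group("by").rstrip(";").lower(), ip.group(1) if ip else None))
    return hops

def is_trusted(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def origin_ip(raw):
    """Public IP that delivered the message to the oldest trusted hop."""
    origin = None
    for by_host, peer_ip in received_hops(raw):
        if not is_trusted(by_host):
            break  # written by a server outside our mail path: may be forged
        if peer_ip and not ipaddress.ip_address(peer_ip).is_private:
            origin = peer_ip  # private peers (10.x) are internal relays, skipped
    return origin
```

For the Fake Email, `origin_ip(FAKE_EMAIL)` returns `68.248.28.66`, the address recorded by the Postini hop; any Received line below that hop was supplied by the sender and is ignored.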

                  • Chewy
                    Super Moderator
                    • Nov 2003
                    • 18971

                    #10
                    ever hear of a town called redford michigan
                    what's for supper?


                    • drfsupercenter
                      NOT an online superstore
                      • Oct 2005
                      • 4424

                      #11
                      ever hear of a town called redford michigan
                      what's for supper?
                      Yeah I heard of it, why?

                      I live in Troy, MI (about 30 mins from Detroit).

                      • Chewy
                        Super Moderator
                        • Nov 2003
                        • 18971

                        #12
                        local server?
