Results 1 to 10 of 10
  1. #1
    5 Star Lounger Vincenzo's Avatar
    Join Date
    Mar 2004
    Posts
    654
    Thanks
    95
    Thanked 14 Times in 13 Posts

    Spoofed emails sent by a spammer?

    A friend keeps getting messages saying email was undeliverable, but the emails were not sent by her and she does not recognize the email addresses. I checked her sent box in her mail client, as well as the webmail interface in Cox, and the emails do not appear there either. So I am assuming someone is spoofing her email address and sending the spam.

    What do I need to look at in the Message Source code to see who is really sending the emails? In the Source code I can see a line "Received From:" that has an email and IP address she does not recognize. Other than that I don't see anything that looks like another email address. And the address on that line changes from one returned email to the next.

    This has been going on for over a month, and Cox is complaining about all the returned emails, I guess they think she is a spammer.

    Thanks

  2. #2
    5 Star Lounger
    Join Date
    Dec 2000
    Location
    Calgary, Alberta, Canada
    Posts
    818
    Thanks
    6
    Thanked 1 Time in 1 Post
    If you have an IP address, then you can try "WHOIS" - https://who.is/ to see if you can find the culprit.

    There my be other ways to find him/her as well.

    Ron M

  3. The Following User Says Thank You to Ron M For This Useful Post:

    Vincenzo (2016-09-23)

  4. #3
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,491
    Thanks
    284
    Thanked 577 Times in 480 Posts
    A trace from the email headers might help: http://whatismyipaddress.com/trace-email

  5. The Following User Says Thank You to satrow For This Useful Post:

    Vincenzo (2016-09-23)

  6. #4
    Star Lounger
    Join Date
    Jul 2013
    Location
    Murphy, NC
    Posts
    66
    Thanks
    0
    Thanked 8 Times in 8 Posts
    Also, your friend might explain to Cox that she is not the true sender and ask Cox to investigate who is (which I think Cox should have done in the first place).

  7. The Following User Says Thank You to DavidHLevin For This Useful Post:

    Vincenzo (2016-09-23)

  8. #5
    5 Star Lounger Lugh's Avatar
    Join Date
    Jun 2010
    Location
    Indy
    Posts
    620
    Thanks
    166
    Thanked 77 Times in 68 Posts
    I agree David, Cox should know better. They could start at Wiki.

    Spoofing was very common last decade, but seems to have died out this one. My business email address used to be spoofed 3-4 times a year, for a few days at a time--then the spammer would move on to the next address in their list.

    Quote Originally Posted by Vincenzo View Post
    What do I need to look at in the Message Source code to see who is really sending the emails?
    You will very probably be wasting your time Vincenzo, unless it's a kid or amateur. Almost always this is someone using a botnet of infected computers, so the only address you'll discover is some oblivious innocent.

    Quote Originally Posted by Vincenzo View Post
    In the Source code I can see a line "Received From:" that has an email and IP address she does not recognize. ... And the address on that line changes from one returned email to the next.
    I assume the "Received From:" is from wherever the email tried to be delivered, so typically an ISP--are the addresses something like "postmaster@" or "mailer-daemon@"?

    The ISPs are letting the supposed sender [your friend] know that they couldn't deliver the email. The spammer's list of target addresses is probably old--or he's just doing random shots like mary10@, mary11@ etc--so many of the addresses are dead now.

    The advice is to ignore this, there's very little you or she can do other than waste your time--apart from educate Cox! If it's similar to last decade, it should blow over shortly, and reappear periodically thereafter.
    Lugh.
    ~
    Windows 10 Pro x64 1607; Office 2016 (365 Home) x32; Win Defender, MBAM Pro

    ASRock H97 Anniversary; Xeon E3-1231V3 (like i7)
    Gigabyte GeForce GTX 970; 12GB Crucial DDR3 1600
    Logitech MX Master mouse; Roccat Isku kb

  9. The Following User Says Thank You to Lugh For This Useful Post:

    Vincenzo (2016-09-23)

  10. #6
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,730
    Thanks
    95
    Thanked 128 Times in 125 Posts
    Keep reminding Cox -- if they remain un-convinced, they could block your email account -- no more emails out or in.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  11. The Following User Says Thank You to RolandJS For This Useful Post:

    Vincenzo (2016-09-23)

  12. #7
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    1,843
    Thanks
    258
    Thanked 175 Times in 148 Posts
    A friend keeps getting messages saying email was undeliverable, but the emails were not sent by her and she does not recognize the email addresses. I checked her sent box in her mail client, as well as the webmail interface in Cox, and the emails do not appear there either. So I am assuming someone is spoofing her email address and sending the spam.
    There's a real possibility that the cox/email password has been compromised, I would suggest changing the password immediately to something strong. It has happened to a number of my contacts and once they changed their password, it stopped.

  13. The Following User Says Thank You to lumpy95 For This Useful Post:

    Vincenzo (2016-09-23)

  14. #8
    New Lounger
    Join Date
    Mar 2012
    Location
    Orange County
    Posts
    11
    Thanks
    0
    Thanked 2 Times in 2 Posts

    Cox is a challenge

    I would also recommend communicating with Cox about the problem, but my experience with Cox is extremely poor. For any SPAM I always use SpamCop the results of which you might be able to forward to Cox with a note. One of the numerous problems I have with Cox is that I cannot forward SPAM email through their servers.

  15. The Following User Says Thank You to Fontman For This Useful Post:

    Vincenzo (2016-09-23)

  16. #9
    5 Star Lounger Vincenzo's Avatar
    Join Date
    Mar 2004
    Posts
    654
    Thanks
    95
    Thanked 14 Times in 13 Posts
    Thanks for the suggestions. I will try whois and tracing the headers.

    We've changed the email password a few times, Cox has invalidated the old one repeatedly so we had to.

    I'm waiting to hear back from my friend, so we can talk to Cox some more.

    Thanks

  17. #10
    New Lounger
    Join Date
    Mar 2012
    Location
    Orange County
    Posts
    11
    Thanks
    0
    Thanked 2 Times in 2 Posts

    Cox is a challenge

    Quote Originally Posted by Vincenzo View Post
    Thanks for the suggestions. I will try whois and tracing the headers.

    We've changed the email password a few times, Cox has invalidated the old one repeatedly so we had to.

    I'm waiting to hear back from my friend, so we can talk to Cox some more.

    Thanks
    One of the main advantages of SpamCop, is that is traces the real source of the message, plus identifies the hosting service of any web link within the email. It's free, or by donation. If any source ISP refuses to accept SpamCop reports, I'll usually usually forward the entire message directly to them. I also always copy spam@uce.gov on every report.

  18. The Following User Says Thank You to Fontman For This Useful Post:

    Vincenzo (2016-09-24)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •