Tech help

Apr. 21st, 2002 02:38 am
[personal profile] days_unfolding
Would one of you tech-savvy guys tell me how someone could send e-mail that appears to be coming from my user ID? Someone has been sending e-mail for a porn site under my ID, some of which bounced back as undeliverable (which is how I know about it). At first, I was thinking that my machine has a Trojan Horse, but I think my machine was shut down when the e-mail would have been sent. (How would I know a Trojan Horse is there?) It also has recently been swept by McAfee. The other day, someone also sent the same spam message over and over enough times to temporarily shut down my Hotmail account. I thought it was coincidence, but now I think that it's the caller. I had just written about the calls starting up again.

I should also contact my ISP and let them know what's going on (in case someone complains). Maybe they can change my ID.

I'll also definitely ask Erik to be involved. That is, my tech-savvy ex-husband who is a hardware engineer (hardware architect) with around 17 years of experience. He's known me since we were both 15, and isn't likely to be thrilled with someone messing with me, even though we've split.

Date: 2002-04-21 05:44 am (UTC)
From: [identity profile] cyberpigue.livejournal.com
It's not that hard to set up an email to look like it came from a certain address when it didn't. You just set the "email address" and "reply to" information in the email program to the address you want to use.

What is harder is faking the header information. I understand it can be done, but it is harder.

Your header information on the email (hopefully you saved one of them) could tell you what you need to know about the real sender.

(Set by me entering a reply to address in Outlook)
Return-Path: <pigue@tds.net>
(Indicates a relay from one of my ISP's message server to another)
Received: from bm3.mail.tds.net ([216.170.230.73]) by bm5.mail.tds.net
    with ESMTP id <20020420130957.XXKA14737.bm5@bm3.mail.tds.net>
    for <pigue@tds.net>; Sat, 20 Apr 2002 08:09:57 -0500
(Shows which mail server(s) sent the message - note that it sees a problem with the IP address vs domain name and tells me it may be forged. Each received line indicates travel through another machine.)
Received: from ehostingbiz.com ( [208.147.54.30] (may be forged))
    by bm3.mail.tds.net (8.12.2/8.12.2) with SMTP id g3KD9ti7009389
    for <pigue@tds.net>; Sat, 20 Apr 2002 08:09:55 -0500 (CDT)
Received: (qmail 98251 invoked by uid 500); 20 Apr 2002 13:14:21 -0000
Delivered-To: cyberpigue.com-1@cyberpigue.com
Received: (qmail 98248 invoked from network); 20 Apr 2002 13:14:21 -0000
Received: from bm6.mail.tds.net (216.170.230.82)
    by ns1.ehostingbiz.com with SMTP; 20 Apr 2002 13:14:21 -0000
(This line - the last and therefore the originating - shows which IP and machine the mail came from. The computer I was using is netbios'd as "main", and my IP address follows)
(You can then copy the IP to the "whois" (http://www.arin.net/whois/index.html) locator and figure out who to contact about the offender - this will likely be their service provider)

Received: from main ([207.1.20.207]) by bm6.mail.tds.net with SMTP
    id <20020420130952.YHWL13931.bm6@main> for <1@cyberpigue.com>;
    Sat, 20 Apr 2002 08:09:52 -0500
(Both the Reply-To and the From are easily faked with Outlook)
Reply-To: <pigue@tds.net>
From: "Kurt Bradley" <pigue@tds.net>
(This example message was sent by me to my cyberpigue account which is forwarded right back to my home account)
To: <1@cyberpigue.com>
Subject:
Date: Sat, 20 Apr 2002 09:12:40 -0400
Message-ID: <NEBBJFEFIKCNPFGKAJKCCECDCMAA.pigue@tds.net>
MIME-Version: 1.0
Content-Type: text/plain;
    charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Hope this helps. If you have trouble with it, send me one of the emails *as an attachment* and I will look at it for you.

Date: 2002-04-21 04:20 pm (UTC)
From: [identity profile] days-unfolding.livejournal.com
Thanks for the info! What they did wasn't very sophisticated at all. They changed the Return Path and From IDs to my ID, but left the Reply To ID as a different ID (presumably theirs) at my ISP. Actually, they have three different IDs. It looks like it was a spammer trying to divert any complaints to me (gee, thanks) rather than the caller. I'm going to send the e-mails to my ISP.
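
The header reading walked through in the comments above, as an added example that is not part of the original thread: it lists the Received hops oldest-first, flags any hop the receiving server marked "(may be forged)", and checks whether Reply-To differs from From, as it did in the spam described in the last reply. The sample message is constructed (reserved documentation hosts and IPs), and the function names are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread); hosts and IPs use reserved documentation ranges.
SAMPLE = """\
Return-Path: <victim@isp.example>
Received: from mx2.isp.example ([198.51.100.7]) by mx1.isp.example
\twith ESMTP id AAA111 for <rcpt@isp.example>; Sat, 20 Apr 2002 08:09:57 -0500
Received: from relay.bulk.example ( [203.0.113.30] (may be forged))
\tby mx2.isp.example with SMTP id BBB222; Sat, 20 Apr 2002 08:09:55 -0500
Received: (qmail 98251 invoked by uid 500); 20 Apr 2002 13:09:54 -0000
Received: from main ([192.0.2.207]) by relay.bulk.example with SMTP
\tid CCC333; Sat, 20 Apr 2002 08:09:52 -0500
Reply-To: <other@isp.example>
From: "Someone" <victim@isp.example>
Subject: constructed test message

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(msg):
    """Return network hops oldest-first as (claimed_name, ip, forged_flag)."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        text = " ".join(raw.split())              # unfold continuation lines
        m = re.match(r"from (\S+)", text)
        ip = IP_RE.search(text.split(" by ")[0])  # IP of the sending side only
        if m:                                     # skip local "(qmail ... invoked)" lines
            hops.append((m.group(1), ip and ip.group(1), "may be forged" in text))
    return hops

def analyze(raw_message):
    msg = message_from_string(raw_message)
    hops = received_hops(msg)
    addr = {h: parseaddr(msg.get(h, ""))[1].lower()
            for h in ("Return-Path", "From", "Reply-To")}
    return {
        "origin": hops[0] if hops else None,      # what the headers claim, oldest hop
        "forged_hops": [h for h in hops if h[2]],
        "reply_to_differs": bool(addr["Reply-To"]) and addr["Reply-To"] != addr["From"],
        "addresses": addr,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The "origin" value is only what the headers claim: Received lines below the first server you trust are written by the sender's side and can be fabricated, so weigh the hops recorded by your own provider's servers most heavily.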
