How Can I Tell Where This Email Is Really Coming From?

I have a problem that may be more serious than I thought.

I am getting emails from one of my other email accounts but I am not
sending them.

Now, I know to look at the header and see if there is another email
address listed, but there isn't. The only email address listed in the header
is my own.

Is there something else I can look at to see where this email is really
coming from?

I do see this:

Received: from [85.100.56.163] (port=4674 helo=xxxxxx.com)
by xxxx.xxxxxxxx.com with smtp (Exim 4.68)
(envelope-from <myaddress@mydomain.com>)
id 1LEA0M-0002CG-Ru
for myaddress@mydomain.com; Sat, 20 Dec 2008

I have removed all the actual information because I don't want to publicly
get somebody in trouble, but where it says port=4674 and then there
is a domain after it, is that where the email is actually originating from?

I replaced my actual email address with myaddress@mydomain.com.

Any help anybody can give me on this will be appreciated.

Thanks.
  • Profile picture of the author KirkMcD
    Is that the entire header?

    This is where it originated, if it is.
    Received: from [85.100.56.163]
    Here is the Whois for the ip:
    http://www.db.ripe.net/whois?form_ty..._search=Search
    • Profile picture of the author Steven Wagenheim
      Originally Posted by KirkMcD View Post

      Is that the entire header?

      This is where it originated, if it is.


      Here is the Whois for the ip:
      Query the RIPE Database
      Thanks Kirk, now how do I stop it? Apparently, this is out in the land of "the
      foreign spammers". Do I have a prayer or do I just forget about it?
    • Profile picture of the author ExRat
      Hi Steven,

      I'm getting nailed on one of my paypal emails in the same manner. It started about two weeks ago. Are the emails all very short messages with 'click here to view message' images?

      This ****** has almost forced me to dump this email address. There's spam and there's persistent spam. This is pissistent...

      It's from my domain and the emails are all sent from 'my address' to the same one that's 'sending' them.



      Hey thanks Kirk. That helped.
  • Profile picture of the author Andy Fletcher
    It's a common spamming trick to send people email from themselves. Depending on what software is used for the mail server, it is definitely possible to block this kind of spam.

    You'll need to find out what IP address you actually send email from (this will be the IP address of your SMTP server) then you can blacklist your own email accounts unless they come from the real IP address.
  • Profile picture of the author Andy Fletcher
    Oh, and another thing, your biggest problem will most likely be the computer sending it is owned by some completely unsuspecting guy/girl who has had their computer compromised by a virus which has installed an SMTP server on it.
    • Profile picture of the author Steven Wagenheim
      Okay, I just checked several of these emails and they're all from different IP
      addresses, so either they are being sent by different people (doubtful as
      they are all the same type of emails) or they are being sent using some
      kind of rotating IP scheme (assuming this can be done...no, I'm not a techno
      geek so I don't know.)
    • Profile picture of the author radhika
      Received: from [85.100.56.163] (port=4674 helo=xxxxxx.com)
      by xxxx.xxxxxxxx.com with smtp (Exim 4.68)
      (envelope-from <myaddress@mydomain.com>)
      id 1LEA0M-0002CG-Ru
      for myaddress@mydomain.com; Sat, 20 Dec 2008
      Steven,

      The IP is from Turkey. Somebody is spoofing your domain email address to send email. Ask your host to set up an SPF record for you. It simply tells the world that email from your site is ONLY sent from your allowed IP address (mostly your server's main IP). So if somebody uses your domain email from their own IP, that email will be rejected by the receiving mail server.

  • Profile picture of the author Andy Fletcher
    The simplest fix is actually to just blacklist your own email addresses. How often do you email yourself anyway?
    • Profile picture of the author Steven Wagenheim
      Originally Posted by Andy Fletcher View Post

      The simplest fix is actually to just blacklist your own email addresses. How often do you email yourself anyway?
      I can't do that. I forward emails from that address to my AOL account. I
      do this because I have so many email addresses that it's easier to read all
      the customer service emails from one place.
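
An added example, not written by any poster in this thread: a Python version of the check Andy Fletcher and radhika describe, which reads the connecting IP and envelope sender from the topmost Received header and flags mail that claims your domain but arrived from an IP you do not send from, without blacklisting the address outright. OWN_DOMAIN, the 192.0.2.10 sending address and the function names are assumptions; the sample is the header quoted in the thread with its continuation lines re-indented.

```python
import ipaddress
import re
from email import message_from_string

# Assumptions for this example: the domain you own and the one address your
# real SMTP server sends from (192.0.2.10 is in a documentation-only range).
OWN_DOMAIN = "mydomain.com"
ALLOWED_SENDERS = [ipaddress.ip_network("192.0.2.10/32")]

# Constructed sample: the header from the thread, placeholders left as posted.
SPOOFED = (
    "Received: from [85.100.56.163] (port=4674 helo=xxxxxx.com)\n"
    "\tby xxxx.xxxxxxxx.com with smtp (Exim 4.68)\n"
    "\t(envelope-from <myaddress@mydomain.com>)\n"
    "\tid 1LEA0M-0002CG-Ru\n"
    "\tfor myaddress@mydomain.com; Sat, 20 Dec 2008\n"
    "From: myaddress@mydomain.com\n\nbody\n"
)

# Exim-style trace line: from ... [ip] ... (envelope-from <addr>)
RECEIVED_RE = re.compile(
    r"from\s[^\[]*\[(?P<ip>[0-9A-Fa-f.:]+)\]"
    r".*?envelope-from\s+<(?P<env_from>[^>]*)>",
    re.DOTALL,
)

def parse_top_received(raw_message):
    """Return {'ip', 'env_from'} from the topmost Received header, or None."""
    # Only the topmost Received line was written by your own mail server;
    # every Received line below it came with the message and can be forged.
    received = message_from_string(raw_message).get_all("Received") or []
    m = RECEIVED_RE.search(received[0]) if received else None
    return m.groupdict() if m else None

def verdict(raw_message):
    """Classify a message as 'accept', 'reject-spoofed' or 'unparsed'."""
    hop = parse_top_received(raw_message)
    if hop is None:
        return "unparsed"
    domain = hop["env_from"].rpartition("@")[2].lower()
    if domain != OWN_DOMAIN:
        return "accept"  # not claiming to be you; other filters apply
    try:
        ip = ipaddress.ip_address(hop["ip"])
    except ValueError:
        return "unparsed"
    ok = any(ip in net for net in ALLOWED_SENDERS)
    return "accept" if ok else "reject-spoofed"
```

Comparing the envelope sender's domain with the connecting IP is the same comparison a receiving server makes when it evaluates an SPF record, so mail forwarded from the real server still passes while the copies arriving from rotating IPs do not.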
