Freelancer.com

Go Back   Warrior Forum - The #1 Internet Marketing Forum & Marketplace > The Warrior Forum > Main Internet Marketing Discussion Forum
Register Blogs Social Groups Advertise with usHelp Desk

Reply
LinkBack Thread Tools
Unread 20th December 2008, 04:29 PM   #1
Starting Over
War Room Member
 
Steven Wagenheim's Avatar
 
Join Date: 2006
Location: Roselle, NJ, USA
Posts: 17,231
Blog Entries: 13
Thanks: 1,825
Thanked 7,454 Times in 2,905 Posts
Default How Can I Tell Where This Email Is Really Coming From?

I have a problem that may be more serious than I thought.

I am getting emails from one of my other email accounts but I am not
sending them.

Now, I know to look at the header and see if there is another email
address listed, but there isn't. The only email address listed in the header
is my own.

Is there something else I can look at to see where this email is really
coming from?

I do see this:

Received: from [85.100.56.163] (port=4674 helo=xxxxxx.com)
by xxxx.xxxxxxxx.com with smtp (Exim 4.68)
(envelope-from <myaddress@mydomain.com>)
id 1LEA0M-0002CG-Ru
for myaddress@mydomain.com; Sat, 20 Dec 2008

I have removed all the actual information because I don't want to publicly
get somebody in trouble, but where it says port=4674 and then there
is a domain after it, is that where the email is actually orginating from?

I replaced my actual email address with myaddress@mydomain.com.

Any help anybody can give me on this will be appreciated.

Thanks.

Steven Wagenheim is online now   Reply With Quote
Unread 20th December 2008, 04:34 PM   #2
Senior Warrior Member
War Room Member
 
Join Date: 2006
Location: , , USA.
Posts: 2,962
Thanks: 56
Thanked 246 Times in 228 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Is that the entire header?

This is where it originated, if it is.
Quote:
Received: from [85.100.56.163]
Here is the Whois for the ip:
http://www.db.ripe.net/whois?form_ty..._search=Search

KirkMcD is offline   Reply With Quote
Unread 20th December 2008, 04:38 PM   #3
Starting Over
War Room Member
 
Steven Wagenheim's Avatar
 
Join Date: 2006
Location: Roselle, NJ, USA
Posts: 17,231
Blog Entries: 13
Thanks: 1,825
Thanked 7,454 Times in 2,905 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Quote:
Originally Posted by KirkMcD View Post
Is that the entire header?

This is where it originated, if it is.


Here is the Whois for the ip:
Query the RIPE Database
Thanks Kirk, now how do I stop it? Apparently, this is out in the land of "the
foreign spammers". Do I have a prayer or do I just forget about it?

Steven Wagenheim is online now   Reply With Quote
Unread 20th December 2008, 04:40 PM   #4
Dare To Be Different
War Room Member
 
ExRat's Avatar
 
Join Date: 2005
Location: U.K.
Posts: 9,148
Thanks: 1,575
Thanked 3,125 Times in 1,203 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Hi Steven,

I'm getting nailed on one of my paypal emails in the same manner. It started about two weeks ago. Are the emails all very short messages with 'click here to view message' images?

This ****** has almost forced me to dump this email address. There's spam and there's persistent spam. This is pissistent...

It's from my domain and the emails are all sent from 'my address' to the same one that's 'sending' them.



Hey thanks Kirk. That helped.



Roger Davis

ExRat is offline   Reply With Quote
Unread 20th December 2008, 04:43 PM   #5
Starting Over
War Room Member
 
Steven Wagenheim's Avatar
 
Join Date: 2006
Location: Roselle, NJ, USA
Posts: 17,231
Blog Entries: 13
Thanks: 1,825
Thanked 7,454 Times in 2,905 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Quote:
Originally Posted by ExRat View Post
Hi Steven,

I'm getting nailed on one of my paypal emails in the same manner. It started about two weeks ago. Are the emails all very short messages with 'click here to view message' images?

This ****** has almost forced me to dump this email address. There's spam and there's persistent spam. This is pissistent...

It's from my domain and the emails are all sent from 'my address' to the same one that's 'sending' them.

Roger yes, it's the same, but fortunately I'm not getting so many that
I have to dump the address.

Curious. Knowing the real location, is it possible to block email by the
IP address or real location?

Certainly there has to be a way to do that. If not, somebody should
invent it.

Steven Wagenheim is online now   Reply With Quote
Unread 20th December 2008, 04:45 PM   #6
HyperActive Warrior
War Room Member
 
Jim M's Avatar
 
Join Date: 2007
Location: Northern Ireland
Posts: 165
Thanks: 48
Thanked 45 Times in 31 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

The starting point would be to report the Source IP address to the hosting company as being suspected of sending spam emails fraudulently using your details - see what they can come up with.

I've had emails arrive in my gmail in box from me, when I check the details it even shows it's still from me - at the moment I only get the odd one, if it grew to a flood then I'd get worried and shut down the account.

Jim Montgomery www.fivestarmarketing.eu - video tutorials and more DavidJamesPublishing.Com
Jim M is offline   Reply With Quote
Unread 20th December 2008, 04:48 PM   #7
Senior Warrior Member
War Room Member
 
Andy Fletcher's Avatar
 
Join Date: 2006
Location: , , .
Posts: 2,657
Thanks: 1,146
Thanked 1,636 Times in 477 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Its a common spamming trick to send people email from themselves. Depending on what software is used for the mail server is definitely possible to block this kind of spam.

You'll need to find out what IP address you actually send email from (this will be the IP address of your SMTP server) then you can blacklist your own email accounts unless they come from the real IP address.

Andy Fletcher is offline   Reply With Quote
Unread 20th December 2008, 04:49 PM   #8
HyperActive Warrior
War Room Member
 
Jim M's Avatar
 
Join Date: 2007
Location: Northern Ireland
Posts: 165
Thanks: 48
Thanked 45 Times in 31 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Quote:
Originally Posted by Steven Wagenheim View Post
Curious. Knowing the real location, is it possible to block email by the
IP address or real location?

Certainly there has to be a way to do that. If not, somebody should
invent it.

Isn't there a setting in one of the spam filters within Cpanel hosting where you can block an IP address?

Jim Montgomery www.fivestarmarketing.eu - video tutorials and more DavidJamesPublishing.Com
Jim M is offline   Reply With Quote
Unread 20th December 2008, 04:50 PM   #9
Senior Warrior Member
War Room Member
 
Andy Fletcher's Avatar
 
Join Date: 2006
Location: , , .
Posts: 2,657
Thanks: 1,146
Thanked 1,636 Times in 477 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Oh, and another thing, your biggest problem will most likely be the computer sending it is owned by some completely unsuspecting guy/girl who has had their computer compromised by a virus which has installed an SMTP server on it.

Andy Fletcher is offline   Reply With Quote
Unread 20th December 2008, 04:54 PM   #10
Starting Over
War Room Member
 
Steven Wagenheim's Avatar
 
Join Date: 2006
Location: Roselle, NJ, USA
Posts: 17,231
Blog Entries: 13
Thanks: 1,825
Thanked 7,454 Times in 2,905 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Okay, I just checked several of these emails and they're all from different IP
addresses, so either they are being sent by different people (doubtful as
they are all the same type of emails) or they are being sent using some
kind of rotating IP scheme (assuming this can be done...no, I'm not a techno
geek so I don't know.)

Steven Wagenheim is online now   Reply With Quote
Unread 20th December 2008, 04:54 PM   #11
Competitors' Nightmare
War Room Member
 
Join Date: 2002
Posts: 4,886
Thanks: 976
Thanked 3,915 Times in 2,177 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Spammers are getting more sophisticated these days with fake headers replicating the recipients email address. Unless you are getting bounced emails from other non-existent emails with your header info, don't worry about it. I get spam from myself quite frequently.

You might try to shield your email address on your websites with javascript, or use a php contact form as I started doing myself recently.

.
myob is offline   Reply With Quote
Unread 20th December 2008, 04:55 PM   #12
Senior Warrior Member
War Room Member
 
Andy Fletcher's Avatar
 
Join Date: 2006
Location: , , .
Posts: 2,657
Thanks: 1,146
Thanked 1,636 Times in 477 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

The simplest fix is actually to just blacklist your own email addresses. How often do you email yourself anyway?

Andy Fletcher is offline   Reply With Quote
Unread 20th December 2008, 04:56 PM   #13
Starting Over
War Room Member
 
Steven Wagenheim's Avatar
 
Join Date: 2006
Location: Roselle, NJ, USA
Posts: 17,231
Blog Entries: 13
Thanks: 1,825
Thanked 7,454 Times in 2,905 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Quote:
Originally Posted by Andy Fletcher View Post
The simplest fix is actually to just blacklist your own email addresses. How often do you email yourself anyway?
I can't do that. I forward emails from that address to my AOL account. I
do this because I have so many email addresses that it's easier to read all
the customer service emails from one place.

Steven Wagenheim is online now   Reply With Quote
Unread 20th December 2008, 04:58 PM   #14
Senior Warrior Member
War Room Member
 
Join Date: 2003
Location: Jamaica.
Posts: 2,576
Blog Entries: 3
Thanks: 73
Thanked 157 Times in 126 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Quote:
Received: from [85.100.56.163] (port=4674 helo=xxxxxx.com)
by xxxx.xxxxxxxx.com with smtp (Exim 4.68)
(envelope-from <myaddress@mydomain.com>)
id 1LEA0M-0002CG-Ru
for myaddress@mydomain.com; Sat, 20 Dec 2008
Steven,

The ip is from Turkey. Somebody spoofing your domain email address to send email. Ask your host to set up SPF record for you. It simply tells the world that your email from your site are ONLY sent from your allowed ip address (mostly your server main ip). So if somebody uses your domain email from their own ip, that email will be rejected by receiving mail server.

.

Follow up Autoresponder PRO :: 33% Discount!!
FREE Upgrades! IMPROVED Email Deliverability!!
radhika is offline   Reply With Quote
Unread 20th December 2008, 04:58 PM   #15
Senior Warrior Member
War Room Member
 
Andy Fletcher's Avatar
 
Join Date: 2006
Location: , , .
Posts: 2,657
Thanks: 1,146
Thanked 1,636 Times in 477 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Quote:
Originally Posted by Steven Wagenheim View Post
I can't do that. I forward emails from that address to my AOL account. I
do this because I have so many email addresses that it's easier to read all
the customer service emails from one place.
OK. Well the more complicated version of blacklisting your email addresses unless they come from the correct IP will still work. I hope whoever you have your email server with provides this functionality for you.

Andy Fletcher is offline   Reply With Quote
Unread 20th December 2008, 05:00 PM   #16
HyperActive Warrior
War Room Member
 
Jim M's Avatar
 
Join Date: 2007
Location: Northern Ireland
Posts: 165
Thanks: 48
Thanked 45 Times in 31 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Quote:
Originally Posted by Steven Wagenheim View Post
I can't do that. I forward emails from that address to my AOL account. I
do this because I have so many email addresses that it's easier to read all
the customer service emails from one place.
Is there a common phrase / partial common content that you can flag as spam in your AOL account?

Jim Montgomery www.fivestarmarketing.eu - video tutorials and more DavidJamesPublishing.Com
Jim M is offline   Reply With Quote
Unread 20th December 2008, 05:03 PM   #17
Dare To Be Different
War Room Member
 
ExRat's Avatar
 
Join Date: 2005
Location: U.K.
Posts: 9,148
Thanks: 1,575
Thanked 3,125 Times in 1,203 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Hi all,

Thanks for the great help as usual, should be able to sort this out now.



Roger Davis

ExRat is offline   Reply With Quote
Unread 20th December 2008, 05:04 PM   #18
Starting Over
War Room Member
 
Steven Wagenheim's Avatar
 
Join Date: 2006
Location: Roselle, NJ, USA
Posts: 17,231
Blog Entries: 13
Thanks: 1,825
Thanked 7,454 Times in 2,905 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Quote:
Originally Posted by radhika View Post
Steven,

The ip is from Turkey. Somebody spoofing your domain email address to send email. Ask your host to set up SPF record for you. It simply tells the world that your email from your site are ONLY sent from your allowed ip address (mostly your server main ip). So if somebody uses your domain email from their own ip, that email will be rejected by receiving mail server.

.
Thanks, I just emailed my web host.

Steven Wagenheim is online now   Reply With Quote
Unread 20th December 2008, 05:05 PM   #19
Professional Writer
War Room Member
 
sylviad's Avatar
 
Join Date: 2005
Location: Ontario, Canada
Posts: 3,055
Thanks: 163
Thanked 315 Times in 217 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

When I appeared to be receiving emails from myself, I thought my account had been hacked. I asked my provider and he told me they are not coming from my account. They subsequently did something that stopped it as I haven't received any since.

Sylvia

:: Professional Quality "Original" PLR Books, Reports, Articles - Only 100 copies will ever be sold.
:: Get Your IM Solutions Here! - Choosing a Niche, List building, Internet Marketing, Copywriting...
:: Want articles, reports, books written? - Award-winning Journalist is taking new projects. Warrior Discounts!
sylviad is offline   Reply With Quote
Unread 20th December 2008, 05:15 PM   #20
Advanced Warrior
War Room Member
 
Sean Kelly's Avatar
 
Join Date: 2006
Location: Ireland
Posts: 749
Thanks: 5
Thanked 36 Times in 26 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

Quote:
Originally Posted by radhika View Post
Steven,

The ip is from Turkey. Somebody spoofing your domain email address to send email. Ask your host to set up SPF record for you. It simply tells the world that your email from your site are ONLY sent from your allowed ip address (mostly your server main ip). So if somebody uses your domain email from their own ip, that email will be rejected by receiving mail server.

.
If you have Plesk you are in luck, there are many things you can do...

In Plesk log in as Admin, click on 'Server' and then click on 'Mail'.

Under 'Relay options' make sure it is set to authorization is required: SMTP
Under 'DomainKeys spam protection' make sure 'Verify incoming mail' is CHECKED

Also switch on 'Verify incoming mail'
and set 'SPF checking mode' to 'Reject mails when SPF resolved to fail'

You can also switch on 'Switch on spam protection based on DNS blackhole lists'
and use sbl.spamhaus.org as your originator checking service.

Sean

http://www.lilURL.com - Free link shortener
Sean Kelly is offline   Reply With Quote
Unread 20th December 2008, 05:32 PM   #21
HyperActive Warrior
War Room Member
 
Join Date: 2008
Posts: 176
Thanks: 45
Thanked 18 Times in 11 Posts
Default Re: How Can I Tell Where This Email Is Really Coming From?

It may be hard to pin point the actually sender. The spammers need to be ahead of the curve and this would be the first thing they would want to cover their tracks.

The From address in an incoming mail can be made to look like anything. Few lines of Java/PHP/?? code can literally construct an email with following info and send it out to whoever:

From: you@yourdomain.com Or accounts@paypal.com
To: you@yourdomain.com
Subject: Spoof
Message: More spoof

Following links can give you more info:

Prevent email spoofing
FAQ: Spoof email
learnmore is offline   Reply With Quote
Reply

  Warrior Forum - The #1 Internet Marketing Forum & Marketplace > The Warrior Forum > Main Internet Marketing Discussion Forum

Bookmarks

Tags
coming, email

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




All times are GMT -6. The time now is 06:14 AM.