04-28-2004, 05:06 AM | #1 (permalink) |
Registered User
Location: Somewhere in Ohio
|
Someone's spoofing my email address
So how can I find out who it is?
I know it's happening because for the past 3 days I've been getting Failed delivery emails, all of which are coming from the same email address whicjh I have never ever contacted. They're coming from a site called http://www.hucardguys.com/. Basically, they sell shit to program cable satellite cards. Now here's the thing, there are only 8 or 10 people who have my email. I generally give out my hotmail or yahoo email, and don't give out my email which I use most often to contact friends. Even more interesting, 2 of those so called friends program these fucking satellite cards. I emailed the person who they were contacting in hopes that they can give me enough info to find out who it is. I don't wanna ask one of the 2 guys because it's not like they'll tell me, and then they'll be able to cover their ass. All I know is if it is one of these 2 people I think it is I'm gonna kick somebody's fucking ass. I hate when I find out I can't trust people...... Any help would be appreciated. Something else I just thought of. On the 24th I got an email which was supposed to go to one of the 2 guys in question. Now, if he was spoofing my email could he have fucked something up to where I would recieve an email which was directed to him, not me? Last edited by sixate; 04-28-2004 at 05:11 AM.. |
04-28-2004, 09:46 AM | #7 (permalink) | |
Registered User
Location: Somewhere in Ohio
|
Quote:
|
|
04-28-2004, 09:50 AM | #8 (permalink) |
Devils Cabana Boy
Location: Central Coast CA
|
it is easy to spoof email, all you have to do is run an email server and send waht you wnt where you want. there are programs out there that let you spoof the senders name.
it is probubly just some jack ass who wants to mess with you. let your freinds know and switch you email address. there is little you can do.
__________________
Donate Blood! "Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen |
04-28-2004, 09:55 AM | #9 (permalink) | |
Right Now
Location: Home
|
Quote:
|
|
04-28-2004, 10:14 AM | #10 (permalink) |
Darth Papa
Location: Yonder
|
I agree, probably one of your two card-programming buddies has the virus and it's latched onto your address to spoof in the "From" field. It's then trying to send mail to somebody else in their address book (which is probably loaded with card-programming folks), which is failing because of who knows why, and bouncing back to you.
This happens a lot with email viruses--they circulate in pockets of community. I was getting it from the other resellers of the hosting service I resell. I heard about very specific pockets of people passing it back and forth. Scientists at distant universities who are researchers in the same field, for instance. It'd be sort of an interesting social connectivity experiment, if it weren't so damn annoying. What the hell, though. Post some headers, we'll take a look and see if it looks more suspicious than that. Last edited by ratbastid; 04-28-2004 at 10:16 AM.. |
04-28-2004, 11:05 AM | #11 (permalink) |
Registered User
Location: Somewhere in Ohio
|
Obviously, I deleted all entries with my email and domain with ------------------------
I have 3 headers which are exactly like the first 2, and the 3rd one I recieved while I was sleeping. Return-Path: <> Delivered-To: ---------------------------------- Received: (qmail 20043 invoked from network); 28 Apr 2004 14:20:12 -0000 Received: from cpe002078d1af34-cm014490002869.cpe.net.cable.rogers.com (HELO --------------------) ([24.102.138.211]) (envelope-sender <>) by mail-4.---------------------------- (qmail-ldap-1.03) with SMTP for <--------------------------->; 28 Apr 2004 14:20:12 -0000 MIME-Version: 1.0 Message-Id: 408FBD45.000003.17633@VAIO Date: Wed, 28 Apr 2004 10:18:45 -0400 (Eastern Daylight Time) Content-Type: Multipart/report; report-type="delivery-status"; boundary="------------Boundary-00=_93XVG6G0000000000000" From: MAILER-DAEMON@------------------- (Mail Delivery Subsystem) Message-Id: E1BIo1v-0002VL-H6@mx1.----------------------- Auto-Submitted: auto-generated (failure) To: ------------------------------------------- Subject: Undelivered mail: User unknown Along with this first one a .txt was attatched. This is what it said: Reporting-MTA: dns; mx1.------------------------------ Received-From-MTA: dns; Arrival-Date: Tue, 27 Apr 2004 14:51:26 -0700 Final-Recipient: rfc822; <maxine@hucardguys.com> X-Actual-Recipient: rfc822; maxine@hucardguys.com Action: failed Status: 5.1.1 Last-Attempt-Date: Tue, 27 Apr 2004 14:51:26 -0700 Diagnostic-Code: smtp; 550 <maxine@hucardguys.com>: User unknown in virtual mailbox table Return-Path: <> Delivered-To: ------------------------------- Received: (qmail 7356 invoked from network); 28 Apr 2004 11:57:56 -0000 Received: from mail-3.------------------------ ([63.67.120.3]) (envelope-sender <>) by mail-4.--------------------------(qmail-ldap-1.03) with QMQP for <>; 28 Apr 2004 11:57:56 -0000 Delivered-To: CLUSTERHOST mail-3.----------------------- -------------------------- Received: (qmail 23299 invoked from network); 28 Apr 2004 11:57:57 -0000 Received: from 69-28-195-132.waterhosting.com (HELO server1.waterhosting.com) ([69.28.195.132]) (envelope-sender <>) by mail-3.------------------------- (qmail-ldap-1.03) with SMTP for ------------------------------; 28 Apr 2004 11:57:56 -0000 Received: from mailnull by server1.waterhosting.com with local (Exim 4.24) id 1BInhM-0002AD-5x for -----------------------------; Wed, 28 Apr 2004 07:57:56 -0400 X-Failed-Recipients: maxine@hucardguys.com Auto-Submitted: auto-generated From: Mail Delivery System Mailer-Daemon@server1.waterhosting.com To: ----------------------------------- Subject: Mail delivery failed: returning message to sender Message-Id: E1BInhM-0002AD-5x@server1.waterhosting.com Date: Wed, 28 Apr 2004 07:57:56 -0400 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server1.waterhosting.com X-AntiAbuse: Original Domain - --------------------------- X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - Return-Path: trickofmind@earthlink.net Delivered-To: ------------------------------- Received: (qmail 9162 invoked from network); 28 Apr 2004 17:21:45 -0000 Received: from unknown (HELO ChrissyLewgood.org) ([207.195.108.66]) (envelope-sender <trickofmind@earthlink.net>) by mail-4.--------------------------- (qmail-ldap-1.03) with SMTP for ------------------------------; 28 Apr 2004 17:21:45 -0000 Date: Wed, 28 Apr 2004 11:21:42 -0600 To: "-----------" ------------------------------------ From: "Trickofmind" trickofmind@earthlink.net Subject: Fax Message Received Message-ID: <ikdnmdknuzqkpozvyb@----------------------------- MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--------iuoyozfzjjanhzpfjugi" This was a message sent with one of the Failures: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: maxine@hucardguys.com This message has been rejected because it has a potentially executable attachment "Joke.vbs" This form of attachment has been used by recent viruses or other malware. If you meant to send this file then please package it up as a zip file and resend it. ------ This is a copy of the message, including all the headers. ------ Return-path: <-----------------------------------> Received: from [24.64.178.237] (helo=bill.org) by server1.waterhosting.com with smtp (Exim 4.24) id 1BInhJ-0002A8-Io for maxine@hucardguys.com; Wed, 28 Apr 2004 07:57:53 -0400 Date: Wed, 28 Apr 2004 05:54:57 -0700 To: "Maxine" <maxine@hucardguys.com> From: "------" <---------------------------> Subject: Re: Thank you! Message-ID: <cbhszpucazwbieuibwt@hucardguys.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--------mrbcympdjopcrugpcusy" ----------mrbcympdjopcrugpcusy Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: 7bit html body br body html ----------mrbcympdjopcrugpcusy Content-Type: application/octet-stream; name="Joke.vbs" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Joke.vbs" |
04-28-2004, 12:52 PM | #12 (permalink) |
beauty in the breakdown
Location: Chapel Hill, NC
|
Yeah, that looks like a return from a virus-spoofed email. I wouldnt worry about it. I get them all the time, and I *know* that I dont have any viruses. No worries
__________________
"Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." --Plato |
04-28-2004, 03:08 PM | #13 (permalink) |
undead
Location: nihilistic freedom
|
Dude, I know it's probably just an email virus... but I suggest you change your email password. Let's say one of your "buddies" needs an email address and just happened to know your password.... he uses your box and your password to check back later to see if anyone replied.
For your sake though, I hope it is just a virus and none of your friends would be such an asshole. |
04-28-2004, 04:31 PM | #14 (permalink) |
Quadrature Amplitude Modulator
Location: Denver
|
I'll echo Peetster & hrdware etc. here.
I get about 20-50 a day. Nowadays they just get filtered into my spam mailbox.
__________________
"There are finer fish in the sea than have ever been caught." -- Irish proverb |
04-29-2004, 05:15 AM | #17 (permalink) | |
Darth Papa
Location: Yonder
|
Yup. Here's the giveaway in the message you posted:
Quote:
|
|
Tags |
address, email, spoofing |
|
|