Spamming myself?? - Ubuntu

This is a discussion on Spamming myself?? - Ubuntu ; Here's a weird thing that I'm trying to get to the bottom of. A couple of days ago I received an email from info ATT markcarter DOTT me DOTT uk to one of my yahoo accounts. It was a usual ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Spamming myself??

  1. Spamming myself??

    Here's a weird thing that I'm trying to get to the bottom of.

    A couple of days ago I received an email from
    info ATT markcarter DOTT me DOTT uk
    to one of my yahoo accounts. It was a usual spam message selling drugs.
    What is worrying was that the domain was registered by me. I hear that
    yahoo has a way of authenticating the originator of a message - so I'd
    like to figure out what's going on. However, I don't know much about
    security, so I'd appreciate any comments on how to track down the problem.

    Worth mentioning is the fact that my website www.markcarter.me.uk is
    hosted externally by Ideal Hosting, and that mail to info@mark... is
    auto-forwarded to my yahoo account as a setting I've set up (long time ago).

    I reproduce the header on the message I received below.

    X-Account-Key: account3
    X-UIDL: AAOxktkAAR5ZR7VsYAzjkG/SnGc
    X-Mozilla-Status: 0001
    X-Mozilla-Status2: 00000000
    X-Mozilla-Keys:

    X-Apparently-To: mcturra2000@yahoo.co.uk via 217.146.177.3; Fri, 15 Feb
    2008 10:41:36 +0000
    X-YahooFilteredBulk: 81.21.76.58
    X-Originating-IP: [81.21.76.58]
    Authentication-Results: mta140.mail.ukl.yahoo.com
    from=markcarter.me.uk; domainkeys=neutral (no sig)
    Received: from 81.21.76.58 (HELO mx2.turbodns.co.uk) (81.21.76.58)
    by mta140.mail.ukl.yahoo.com with SMTP; Fri, 15 Feb 2008 10:41:36 +0000
    Received: (qmail 17189 invoked by uid 68); 15 Feb 2008 10:41:36 -0000
    Delivered-To: markcarter-info@markcarter.me.uk
    Received: (qmail 17130 invoked from network); 15 Feb 2008 10:41:36 -0000
    Received: from unknown (HELO anahita) (81.21.76.58)
    by 192.168.147.22 with SMTP; 15 Feb 2008 10:41:36 -0000
    X-Mailer: CME-V6.5.4.3; MSN
    Received: (qmail 12219 by uid 862); Fri, 15 Feb 2008 11:41:40 +0100
    Message-Id: <20080215124140.12221.qmail@anahita>
    To:
    Subject: February 77% OFF
    From:
    MIME-Version: 1.0
    Content-Type: text/html; charset="ISO-8859-1"
    Content-Type: multipart/mixed;
    boundary="------------090503040401040505040604"
    --------------090503040401040505040604
    Content-Transfer-Encoding: 7bit


  2. Re: Spamming myself??

    mark carter wrote:

    > Here's a weird thing that I'm trying to get to the bottom of.
    >
    > A couple of days ago I received an email from
    > info ATT markcarter DOTT me DOTT uk
    > to one of my yahoo accounts. It was a usual spam message selling
    > drugs. What is worrying was that the domain was registered by me. I
    > hear that yahoo has a way of authenticating the originator of a
    > message - so I'd like to figure out what's going on. However, I don't
    > know much about security, so I'd appreciate any comments on how to
    > track down the problem. ...
    >
    > Worth mentioning is the fact that my website www.markcarter.me.uk is
    > hosted externally by Ideal Hosting, and that mail to info@mark... is
    > auto-forwarded to my yahoo account as a setting I've set up (long
    > time ago).
    >
    > I reproduce the header on the message I received below.
    > ...
    > X-Apparently-To: mcturra2000@yahoo.co.uk via 217.146.177.3; Fri, 15 Feb
    > 2008 10:41:36 +0000


    Relayed by yahoo to your mcturra2000 address.

    > Received: from 81.21.76.58 (HELO mx2.turbodns.co.uk) (81.21.76.58)
    > by mta140.mail.ukl.yahoo.com with SMTP; Fri, 15 Feb 2008 10:41:36 +0000


    IP address used to send the email. (81.21.76.58 mx1.turbodns.co.uk)

    > To:
    > Subject: February 77% OFF
    > From:


    From you, to you. An easy trick, using forged FROM field, rather common
    by spammers. They do it because many ISPs do not filter mail "from"
    yourself.

    Spammers also routinely spew to "info", "webmaster", "sales", and other
    common words at every domain name they can harvest. If your "info" is
    not a valid address, visit your web host panel and turn off the
    catch-all feature.

    --
    -bts
    -Friends don't let friends drive Vista

  3. Re: Spamming myself??

    mark carter schreef:
    > Here's a weird thing that I'm trying to get to the bottom of.
    >
    > A couple of days ago I received an email from
    > info ATT markcarter DOTT me DOTT uk
    > to one of my yahoo accounts. It was a usual spam message selling drugs.
    > What is worrying was that the domain was registered by me. I hear that
    > yahoo has a way of authenticating the originator of a message - so I'd
    > like to figure out what's going on. However, I don't know much about
    > security, so I'd appreciate any comments on how to track down the problem.
    >
    > Worth mentioning is the fact that my website www.markcarter.me.uk is
    > hosted externally by Ideal Hosting, and that mail to info@mark... is
    > auto-forwarded to my yahoo account as a setting I've set up (long time
    > ago).
    >
    > I reproduce the header on the message I received below.
    >
    > X-Account-Key: account3
    > X-UIDL: AAOxktkAAR5ZR7VsYAzjkG/SnGc
    > X-Mozilla-Status: 0001
    > X-Mozilla-Status2: 00000000
    > X-Mozilla-Keys:
    > X-Apparently-To: mcturra2000@yahoo.co.uk via 217.146.177.3; Fri, 15 Feb
    > 2008 10:41:36 +0000
    > X-YahooFilteredBulk: 81.21.76.58
    > X-Originating-IP: [81.21.76.58]
    > Authentication-Results: mta140.mail.ukl.yahoo.com from=markcarter.me.uk;
    > domainkeys=neutral (no sig)
    > Received: from 81.21.76.58 (HELO mx2.turbodns.co.uk) (81.21.76.58)
    > by mta140.mail.ukl.yahoo.com with SMTP; Fri, 15 Feb 2008 10:41:36 +0000
    > Received: (qmail 17189 invoked by uid 68); 15 Feb 2008 10:41:36 -0000
    > Delivered-To: markcarter-info@markcarter.me.uk
    > Received: (qmail 17130 invoked from network); 15 Feb 2008 10:41:36 -0000
    > Received: from unknown (HELO anahita) (81.21.76.58)
    > by 192.168.147.22 with SMTP; 15 Feb 2008 10:41:36 -0000
    > X-Mailer: CME-V6.5.4.3; MSN
    > Received: (qmail 12219 by uid 862); Fri, 15 Feb 2008 11:41:40 +0100
    > Message-Id: <20080215124140.12221.qmail@anahita>
    > To:
    > Subject: February 77% OFF
    > From:
    > MIME-Version: 1.0
    > Content-Type: text/html; charset="ISO-8859-1"
    > Content-Type: multipart/mixed;
    > boundary="------------090503040401040505040604"
    > --------------090503040401040505040604
    > Content-Transfer-Encoding: 7bit
    >

    Not uncommon to see.
    The 'better' spam bots fake the sender.
    But important is the sender IP (Received: from 81.21.76.58) and that
    looks very different.

+ Reply to Thread