The Technical Zone... The Geeky forum... Use this forum to discuss technical aspects of email, from authentication protocols to encryption. |
16 Apr 2012, 02:38 AM | #1 |
Senior Member
Join Date: Mar 2009
Posts: 116
|
How did they send this?
I got this email to my Googlemail/gmail address. The email was claiming to have come from a Yahoo address and the yahoo address was one of mine.
So I figured that was odd. Putting aside how did they connect one email with the other one.. They perhaps broke into one of the accounts and got the other email address. But that aside.. What method did they use to send the email? It looks like it came from Yahoo, it has Yahoo headers. But I do need some convincing to believe they got into my account. I don't see anything in my Sent Mail for example.
Is it a sure thing that they must've logged in as me on my Yahoo account and sent that email? Or is there any other way they may have done it?
I changed my yahoo mail password just to make sure.
Delivered-To: gadopphin1@googlemail.com
Received: by 10.229.222.212 with SMTP id ih20csp52711qcb; Sat, 24 Mar 2012 08:01:51 -0700 (PDT)
Received: by 10.68.194.3 with SMTP id hs3mr38085144pbc.119.1332601310062; Sat, 24 Mar 2012 08:01:50 -0700 (PDT)
Return-Path: <todroly31@yahoo.co.uk>
Received: from nm19-vm0.bullet.mail.ird.yahoo.com (nm19-vm0.bullet.mail.ird.yahoo.com. [77.238.189.92]) by mx.google.com with SMTP id r7si12772130pbq.158.2012.03.24.08.01.48; Sat, 24 Mar 2012 08:01:50 -0700 (PDT)
Received-SPF: neutral (google.com: 77.238.189.92 is neither permitted nor denied by best guess record for domain of todroly31@yahoo.co.uk) client-ip=77.238.189.92;
Authentication-Results: mx.google.com; spf=neutral (google.com: 77.238.189.92 is neither permitted nor denied by best guess record for domain of todroly31@yahoo.co.uk) smtp.mail=todroly31@yahoo.co.uk; dkim=pass (test mode) header.i=@yahoo.co.uk
Received: from [77.238.189.50] by nm19.bullet.mail.ird.yahoo.com with NNFMP; 24 Mar 2012 15:01:47 -0000
Received: from [217.146.188.166] by tm3.bullet.mail.ird.yahoo.com with NNFMP; 24 Mar 2012 15:01:47 -0000
Received: from [127.0.0.1] by smtp134.mail.ird.yahoo.com with NNFMP; 24 Mar 2012 15:01:47 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.co.uk; s=s1024; t=1332601307; bh=jUEqsk8PcibGwaZI1hhXdfQFuvG4zkDe7l/vywrToMI=; h=X-Yahoo-Newman-Id:Message-ID:Date:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Subject:From; b=uNTOdDv3BwuQ7Nz2BCPvCggaTKp2Wsfh2/qcKHhsjGIbSerSsQTpcVN+KwKZUdkVox5SH3oXAwRCqUu+vTNrtdx70n+J3mNhwbbqRMnApf6kOeVIthS1VWv5L43mRQ5EEaBDg+mKKFgy3TQ5fI1RjhBYrLrnL5O9h9Oqe9sUrU0=
X-Yahoo-Newman-Id: 655289.55666.bm@smtp134.mail.ird.yahoo.com
Message-ID: <655289.55666.bm@smtp134.mail.ird.yahoo.com>
Date: Sat, 24 Mar 2012 08:01:47 -0700 (PDT)
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: T1mF3ekVM1k1h3G9pq9D55.n2MkxPZBGXcky4RUxqfix4jf wFIncPrPBjLKUno5Pkqxmtd.7PHoV5TVUkxYw3dfxlFEvx3UFN6ZbW63aOlU 0gn3vpmV7uEys3W6ksKU4uV1z7HSSZFdaammFU1bRV9Q9nXJ4eXjkOtpq70Q BdKFxsi4YKzIRPgf15CiP_LrdKpJgnAq2DnM7PaWBSOxYnAf0hLohuwbbAhr brw1BhXb29_K6DshXn68.hgAung1Go0Z6HAJWQGjXU2VUNSkOhVi7BuUwBng 2oxOobIRACFXRa2HBcZaJoLU1yqRLdHSNxEgiq_YnQTykp3GQevL9pchABhr irVvUQODTEJPbnqt.yaR4GlKou_P_0heUGmDWngDcREvJn9_xA6cbVODnigG AZD5uaLRHpsoyzobbcZVyF3Np9UoXzDzmCbXULI2H8aAVQCXarIX0DtqbYV1 relJLjf3zQhmXWwPg7D.6p.eabtz4ZYjJ9qQ4mBRkD2VI5vqWhOERy5aF_yG YrV0Og.Wz
X-Yahoo-SMTP: HNff29SswBBgnCZ2jGCkOnemaWKiK4_EUbs-
Received: from xybipaly (todroly31@77.224.248.3 with plain) by smtp134.mail.ird.yahoo.com with SMTP; 24 Mar 2012 08:01:47 -0700 PDT
Subject: Re:
From: todroly31@yahoo.co.uk
16 Apr 2012, 02:46 AM | #2 |
Ultimate Contributor
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
|
It's very easy to forge a 'from address' - which may be your own email address (or any other)
More info here. |
16 Apr 2012, 03:44 AM | #3 |
Cornerstone of the Community
Join Date: Mar 2011
Location: ~$
Posts: 652
|
The message does seem to have gone through Yahoo's servers -- it contains Yahoo's IP addresses and Yahoo's DKIM signature. Google actually received it from one of Yahoo's servers, so it's unlikely that the sender forged those headers.
It may be easy to forge a "From:" address, but it's less easy to get a company to accept and sign a message that contains a forged address belonging to its own domain. I don't know what Yahoo's policy on aliases/personalities/identities is, but I can't imagine that they'd allow any Yahoo user to impersonate any other Yahoo user.
Unless there's a hole in Yahoo's system that allows this (which is unlikely), I'd assume that your Yahoo account was compromised. Better be safe than sorry! That might also explain how the sender got hold of your other e-mail address. Check if anybody else in your Yahoo address book has received similar messages lately.
The following lines look interesting, as they contain the only IP address in those headers that doesn't belong to either Yahoo or Google.
Code:
Received: from xybipaly (todroly31@77.224.248.3 with plain) by smtp134.mail.ird.yahoo.com with SMTP; 24 Mar 2012 08:01:47 -0700 PDT
tl;dr: Change your Yahoo password and security questions. Make sure that the e-mail address you're using for password recovery hasn't been compromised, too.
Last edited by kijinbear : 16 Apr 2012 at 03:50 AM.
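The header reading in post #3, as an added example that is not part of the original thread: it unfolds a trimmed copy of the quoted headers, pulls the submitting client out of the oldest Received line, and checks that the DKIM-signing domain matches the From domain. The function names and the `(user@ip with mechanism)` pattern are assumptions based only on the format visible in these headers.

```python
import ipaddress
import re

# Constructed sample: the headers quoted in post #1, trimmed to the hops that matter.
SAMPLE = """\
Received: from nm19-vm0.bullet.mail.ird.yahoo.com (nm19-vm0.bullet.mail.ird.yahoo.com. [77.238.189.92])
 by mx.google.com with SMTP id r7si12772130pbq.158.2012.03.24.08.01.48;
 Sat, 24 Mar 2012 08:01:50 -0700 (PDT)
Authentication-Results: mx.google.com; spf=neutral smtp.mail=todroly31@yahoo.co.uk;
 dkim=pass (test mode) header.i=@yahoo.co.uk
Received: from [77.238.189.50] by nm19.bullet.mail.ird.yahoo.com with NNFMP; 24 Mar 2012 15:01:47 -0000
Received: from [127.0.0.1] by smtp134.mail.ird.yahoo.com with NNFMP; 24 Mar 2012 15:01:47 -0000
Received: from xybipaly (todroly31@77.224.248.3 with plain)
 by smtp134.mail.ird.yahoo.com with SMTP; 24 Mar 2012 08:01:47 -0700 PDT
From: todroly31@yahoo.co.uk
"""

def unfold(raw):
    """Join folded continuation lines and return (name, value) pairs in order."""
    joined = re.sub(r"\r?\n[ \t]+", " ", raw)
    return [tuple(p.strip() for p in line.split(":", 1))
            for line in joined.splitlines() if ":" in line]

def analyse(raw):
    headers = unfold(raw)
    received = [v for n, v in headers if n.lower() == "received"]
    auth = next((v for n, v in headers if n.lower() == "authentication-results"), "")
    sender = next((v for n, v in headers if n.lower() == "from"), "")
    # Headers are prepended in transit, so the oldest hop (the submission) is last.
    m = re.search(r"\((\S+)@(\d+\.\d+\.\d+\.\d+) with (\w+)\)", received[-1])
    dkim = re.search(r"dkim=(\w+).*?header\.i=@(\S+)", auth)
    return {
        "submitted_by": m.group(1) if m else None,
        "client_ip": m.group(2) if m else None,
        "auth_mechanism": m.group(3) if m else None,
        "client_ip_public": bool(m) and ipaddress.ip_address(m.group(2)).is_global,
        "accepted_by": re.search(r"\bby (\S+)", received[-1]).group(1),
        "dkim": dkim.group(1) if dkim else None,
        "dkim_domain_matches_from": bool(dkim)
            and sender.lower().endswith("@" + dkim.group(2).lower()),
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

Only the hops above the submission line were written by servers the recipient's provider talked to or that sit behind a passing DKIM signature; the client-supplied name (`xybipaly`) is whatever the connecting host chose to send.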