I know just enough about email headers to be dangerous. But I usually recognize the vital elements.
This is someone who is a "known" email contact, but haven't heard from her in well over a year. The email content was a ploy to send money, which I find highly unlikely from this person. Unfortunately, she is unreachable, which makes it even more suspicious.
But here's the weirdest thing of all: this email has no "To" to any of my email addresses. It comes from hotmail, all the original IP's in the headers were MS servers, but there's no TO. How did I receive this? Anonymized, but here's the headers . . . .
Received: (qmail 16191 invoked from network); 18 Jan 2010 00:41:05 -0800
Received: from SOME HOTMAIL ID.hotmail.com (SOME HOTMAIL IP ADDRESS)
by MY SERVER IP ADDRESS with SMTP; 18 Jan 2010 00:41:05 -0800
Received: from BAY142-W17 ([SOME HOTMAIL IP ADDRESS]) by SOME HOTMAIL ID.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 18 Jan 2010 00:57:13 -0800
Return-Path: THE KNOWN HOTMAIL ADDRESS@hotmail.com
X-Originating-IP: [SOME HOTMAIL IP ADDRESS]
From: COMPANY NAME <THE KNOWN HOTMAIL ADDRESS@hotmail.com>
To: <THE KNOWN HOTMAIL ADDRESS@hotmail.com> <!-- Added by bill: HUH? -->
Subject: I NEED YOUR HELP URGENTLY
Date: Mon, 18 Jan 2010 02:57:13 -0600
X-OriginalArrivalTime: 18 Jan 2010 08:57:13.0768 (UTC) FILETIME=[3A466A80:01CA981C]
Content-Type: multipart/mixed; boundary="=======AVGMAIL-00EC72F0======="
(mail content follows)
Some "Guesses": Their account hacked? Some weirdness going on at hotmail? Though we have no indication otherwise, have to consider, someone has gained access to our server? Conferred with my admin, he sees no such indication in this email, but just because I'm paranoid doesn't mean they're not after me . . .