homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
Forum Library, Charter, Moderators: phranque

Website Technology Issues Forum

Examine these mail headers
Hotmail, weirdest thing I've seen. Well one of them

 8:52 pm on Jan 18, 2010 (gmt 0)

I know just enough about email headers to be dangerous. But I usually recognize the vital elements.

This is someone who is a "known" email contact, but haven't heard from her in well over a year. The email content was a ploy to send money, which I find highly unlikely from this person. Unfortunately, she is unreachable, which makes it even more suspicious.

But here's the weirdest thing of all: this email has no "To" to any of my email addresses. It comes from hotmail, all the original IP's in the headers were MS servers, but there's no TO. How did I receive this? Anonymized, but here's the headers . . . .

Received: (qmail 16191 invoked from network); 18 Jan 2010 00:41:05 -0800
Received: from SOME HOTMAIL ID.hotmail.com (SOME HOTMAIL IP ADDRESS)
by MY SERVER IP ADDRESS with SMTP; 18 Jan 2010 00:41:05 -0800
Received: from BAY142-W17 ([SOME HOTMAIL IP ADDRESS]) by SOME HOTMAIL ID.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 18 Jan 2010 00:57:13 -0800
Message-ID: <some-unique-id@phx.gbl>
Return-Path: THE KNOWN HOTMAIL ADDRESS@hotmail.com
To: <THE KNOWN HOTMAIL ADDRESS@hotmail.com> <!-- Added by bill: HUH? -->
Date: Mon, 18 Jan 2010 02:57:13 -0600
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 18 Jan 2010 08:57:13.0768 (UTC) FILETIME=[3A466A80:01CA981C]
Content-Type: multipart/mixed; boundary="=======AVGMAIL-00EC72F0======="
(mail content follows)

Some "Guesses": Their account hacked? Some weirdness going on at hotmail? Though we have no indication otherwise, have to consider, someone has gained access to our server? Conferred with my admin, he sees no such indication in this email, but just because I'm paranoid doesn't mean they're not after me . . .



 2:41 am on Jan 19, 2010 (gmt 0)

I have received some of these emails last months from friends who used hotmail some years ago. It seems that hackers have found a bunch of hotmail passwords and are now using these accounts to send emails to people in the address book of those hotmail accounts.

It may have something to do with [google.com...]


 2:56 am on Jan 19, 2010 (gmt 0)

Yes, many Hotmail users have had their accounts hacked, with the hackers spamming the people in the accounts' contact lists. This enables the spammers to bypass spam filters more easily. Another aspect is the hackers changing the auto-reply on hacked accounts to "auto-spam" anyone emailing to the hacked account address. The security of your own server would not be affected by any of this.


 7:10 pm on Jan 19, 2010 (gmt 0)

That's kinda what I thought. I looked through **some** of the links today (and yesterday :-) ) but what fascinates me about this one in particular is how I received it without a to in the headers, or that the to is the hotmail address. Even in an auto-reply it should have a "to."


 7:27 pm on Jan 19, 2010 (gmt 0)

You are in the BCC: list. That is an easy way to compose one email message and send it to tens of people at once, without any of the recipients knowing that they received a bulk message.


 7:28 pm on Jan 23, 2010 (gmt 0)

Yes, I'd thought of that, but usually a BCC still has a "to" to the recipient(?)

Does anyone know of a way to report abuse to hotmail? I looked around their site, couldn't find anything, abuse@ returns undelivered.

I did submit a "feedback" to their site, if that's the only avenue, good enough . . . .

Global Options:
 top home search open messages active posts  

Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved