Viesturs Lācis wrote:
> Hello, folks!
>
> First of all, I apologize for the total non-LinuxCNC topic.
> This is the only place I know, where some people might have related
> experience...
>
> I have my own domain and I have my mailboxes with my domain in Google Apps.
> Today in spam folder I see "mail delivery failure", "undelivered mail
> returned" messages from different places. I can see in the text of the
> message the original sender, which has my domain after @ symbol (and
> different names before it, like Deanne021 or Victor812 etc).
> I am administrator of my Google Apps account and I myself have created
> only one user and only one mailbox - I just checked it in Google Apps
> administration page.
> I have set that I receive all the messages with my domain after @
> symbol, regardless of what word is before that.
>
> Does this mean that I have been hacked?
> Or can anyone simply fake the original sender entry and there is
> nothing I can do?
>

Generally, most Mail Transfer Agents include the numeric IP address of the message as it flows from MTA to MTA. (List servers don't always preserve this info, but they SHOULD!) You can use this to detect forged headers, and that is likely what you have there.

So, there are some possibilities.

Yahoo accounts have been hacked recently in large numbers. Large amounts of spam have been sent from these accounts. Maybe the hackers have moved on to Google.

Some user who has your email in his contact list has been hacked, and his computer sent messages with spoofed addresses. This is VERY common.

Addresses have been harvested from various mailing lists and used to send spoofed messages.

The case where the part before the @ is randomized is a classic spam technique used to detect live email accounts because these DON'T produce a "no user of that name" response from the last mail server. The message claiming it was from a mail server is a forgery; it is probing mail servers for active accounts. Usually there is stuff in the User-Agent: field that proves it was NOT actually sent by an SMTP server, but a user's mail program.

All these bastards should be thrown in a pot of boiling oil!

Jon

_______________________________________________
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users
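
The two checks described in the reply above (reading the IP addresses in the Received chain, and looking for a mail-client header on a message that claims to come from a mail server), as an added Python example that is not part of the original thread. The sample message, its example.* hosts and RFC 5737 addresses are constructed, and treating a MAILER-DAEMON sender as "claims to be a server" is an assumption.

```python
import email
import ipaddress
import re

# Constructed sample: a "bounce" as it might land in a catch-all mailbox.
# Hosts are example.* names; addresses are RFC 5737 documentation ranges.
SAMPLE_BOUNCE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbound.example.org with ESMTP; Tue, 24 Apr 2012 10:00:05 +0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby mx.example.net with SMTP; Tue, 24 Apr 2012 10:00:01 +0000
From: Mail Delivery System <MAILER-DAEMON@example.net>
To: Victor812@example.org
Subject: Undelivered Mail Returned to Sender
User-Agent: Mozilla/5.0 Thunderbird/3.1

Your message could not be delivered.
"""

CLIENT_HEADERS = ("User-Agent", "X-Mailer")  # written by mail programs
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def received_ips(msg):
    """Sending-side IP of each Received hop, oldest hop first."""
    hops = []
    # Each MTA prepends its own Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        # Text before "by" describes the host that handed the message over.
        sender_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        for candidate in BRACKETED.findall(sender_part):
            try:
                hops.append(str(ipaddress.ip_address(candidate)))
                break
            except ValueError:
                continue  # bracketed text that is not an IP address
    return hops

def audit(raw):
    msg = email.message_from_string(raw)
    hops = received_ips(msg)
    client = [h for h in CLIENT_HEADERS if msg.get(h)]
    # Assumption: a MAILER-DAEMON sender means "claims to be a mail server".
    claims_server = "mailer-daemon" in msg.get("From", "").lower()
    return {
        "origin_ip": hops[0] if hops else None,
        "hops": hops,
        "client_headers": client,
        "forged_bounce_suspected": claims_server and bool(client),
    }
```

Only the Received lines added by servers you trust are reliable; everything below the first trusted hop is supplied by the sender and can itself be forged.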