Email spoofing?

Similar Messages

• What's causing email spoofing FROM my Outlook account

  I detected email spoofing of my company email address through a notification that a message was undeliverable. My sys admin said to install antispam software on my Mac, but is that the problem? Does that protect against sending spam too? Is a virus on my machine a possibility? Or is it more likely on the server?
  I'm not highly technical on system issues so I'm not sure what information is useful in detecting the source of the spoofing. Obviously it's important that my business email isn't spamming or infecting clients' machines, who are mostly PC, by the way. I use Outlook 2011 and also have an IMAP account on Apple Mail for the same company email. My Outlook account syncs to MS Sharepoint online.
  I have no antivirus software installed. I use Flash and Java for work. I'm running Mavericks 10.9.4 and installed the update July 12, 2014. My system is running very slowly now, but that could be an unrelated issue with this 2008 model laptop.
  Any thoughts or similar experiences would be much appreciated.

  Thanks for the followup, Camelot. All I have to work with are the headers included in the delivery failure notification. None of those IP addresses match my machine, so that's good. But they all match our company server at outlook.com. I'll verify that with the sys admin tomorrow.
  It looks like my email address was spoofed in forwarding some spam about 6 hours after it was received. The initial spam message was sent to a group info@ address at my company from a domain in Asia and the content was in an Asian language script. That was then somehow forwarded from 'me' to a Mexican domain and rejected. [email protected]   That address isn't in any contacts list on my machine and I've never seen it before.
  It seems like a nasty little virus, but being a Mac user, I'm not at all experienced in those !
  I also appreciate your comments on the SMTP protocol. It's really a shame it's so easy to do. I'm aware that there's a code you can set on your account that will verify an email came from you. My mail host added it to my personal account.
  Again, thank you for the thoughtful and detailed reply. Very helpful.

• Centurylink webmail claims that firefox is causing webmail to convert emails I am trying to forward to attachments resulting in the content not being sent.

  webmail converts content to an attachment upon clicking forward or reply, shows the paperclip and subject of the email then sends email sans the attachment.

  Mindset wrote:
  Or am I stuck with it until the person I don't know has me in their address book clenses their computer???
  That probably won't fix it, unfortunately. It is probably a result of Spoofing -
  Email spoofing - Wikipedia, the free encyclopedia
  Once the spoofing entity has grabbed your email address from that person, they have it - the other person can 'cleanse' their machine but it will do no good.
  You could go to the bother of changing your email account and address. It won't stop the activity and use of your old address, but it will stop the 'can't deliver it' messages.
  Or, just ignore it and keep throwing those messages away. They'll dwindle to very seldom in time.

• Got message trying to log in to email 'too many l...

  Hi BT,
  This morning when first logging into BT Mail I got a failure message to the effect that there had been too many login failures on my account try again in 10 minutes.
  Since this was on my FIRST login in attempt it could not have been me that caused the login failures.
  Questions for BT:-
  1. Is someone trying to hack my email account?
  2. How many times does it have to fail before causing this message?
  3. Are you able to detect (IP Address?) where these failures are coming from?
  4. If you are able to detect there are too many login fails how about displaying the number of login fails?
  Looking fwd to your reply.

  radclifm wrote:
  re:  Did you receive any replies?
  Yes, in the form of delivery failure messages. So I could see that the real email address used (it was mine) and I could see what the spam message was (it contained a link to a dodgy website). Not being an email spoofer I can only go by what I have read and it would appear that when an email address is spoofed it will be returned by the delivery failure system to the spoofed address because no authorisation checks are done on spoofed address. That is the point of spoofing a genuine address.
  re: ... email would return to you so there would be no gain for the spammer
  The messages sent out contained a web page link, so the spammers (and there have been several) would not be trying to get replies from the email, more trying to get the recipients to look at some dodgy web site. Fair enough.
  re: The volume of emails sent by spammers is I suspect more than the 49 permitted group email limit set by BTMail on your account so this would be rather limiting for any spammer.
  I've seen the failed deliveries come back in batches, which would fit the group email limit, and mean they were trying to circumvent the group mail limit.
  As an aside, it's worth setting up a non-existent email address in Contacts to see if anyone is doing this, then you'd see the failed delivery come back. I have already done that. It is the only email address I have in my contacts. I don't keep contacts or emails on the servers. I would rather be responsible for my own emails and contacts security.
  re: deleting the emails to cover their tracks - I've found that with BT Mail webmail if you delete from Sent box they don't appear in Trash, so you wouldn't see the spam mails there either. I have found that in BTMail if you do delete from sent box they do get put in the trash so your spammers are very tidy not only deleting it from the sent folder but also the Trash folder.
  I am not trying to convince you one way or the other, you have your views that your email account is/has been logged onto and emails sent from it and I have my view that it was only your email account address that was spoofed. I think we will just have respect each others views and agree to differ.
  The bottom line is you do what you feel is best for your security and piece of mind when using your email account.

• Email to account that doesn't exist delivered

  We don't have [email protected] user, but today we received a virus email addressed to that account.
  How can this happen and what can I do to prevent?
  Dennis

  Hi Dennis,
  According to your description, it seems that an email spoofing happened in your Exchange environment. Please check whether an Edge server or
  Forefront Online Protection for Exchange(FOPE) is deployed in your
  domain. Also make sure a SPF(Sender Policy Framework) record is configured
  while configuring and using the Forefront Online Protection for Exchange (FOPE) service.
  Sender Policy Framework is a record that is used to help prevent email spoofing. It allows you to specify all of the IP addresses that you would send mail from in one simple TXT record, and to tell the receiving server to only allow the outbound
  servers you listed.
  For more information about how SPF records work with the FOPE service and to view additional SPF record examples, see the section titled
  SPF Record Settings in
  Best Practices for Configuring FOPE.
  Anti-Spam and Anti-Malware Protection in Exchange 2013
  http://technet.microsoft.com/en-us/library/jj150481(v=exchg.150).aspx
  Thanks,
  Winnie Liang
  TechNet Community Support

• My address book has been infiltrated and emails sent

  I have an intel imac running on Snow Leopard.   My address book has been infiltrated and emails sent without my knowledge.  What can I do?

  What leads you to believe this is happening?
  If the indication of that is auto-messages indicating undeliverable email, messages you did not send, then you may be a victim of Sppfing instead.
  Email spoofing - Wikipedia, the free encyclopedia

• Windows IIS SMTP server internal spoofing

  Hi,
  I setup windows IIS based smtp server, I had below requirements.
  1. all application emails should be relayed internally and externally,from domain and non-domain (Windows & Unix systems)
  2. Only list of email domains (we have close to 20 email domain)should be able to send emails to this SMTP virtual server
  3. Internal email spoofing should not be allowed
  4. this system should not accept email from domains other than specified domains (Point 2).
  I verified all settings, now I am able to send email internally & externally but my problem is, its accepting emails from any domain (Other than domain we use) and spoofing also.
  Thanks!
  Karthikeyan
  Thanks, Karthikeyan R

  More if you ask them here: http://forums.iis.net/
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Issue with Email

  Hello,
  I have set up an email account on the MAC program Mail. The email address originates from Go Daddy. The email program is up and running, able to send and receive emails. When running the account through a spam checker, the following message is received:
  [SPF] benevolenceinn.com does not allow your server 173.201.192.105 to use [email protected]
  Sender Policy Framework (SPF) is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses.
  What we retained as your current SPF record is:
  "v=spf1 a mx include:secureserver.net ~all"
  More information about this error:
  benevolenceinn.com: Junk encountered in mechanism 'ptr:68.178.252.102'
  In addition, [Sender ID] benevolenceinn.com does not allow your server 173.201.192.231 to use [email protected], is also stated. This is the same message but for "Sender ID" as well.
  I spoke to Go Daddy and they stated that it could be an issue with MAC mail.  When I spoke to Apple, they suggested that the issue lies with my home IP address and not Go Daddy or Apple.  The IP address of Go Daddy is listed above but the tec online said that my home ip would be the real issue.  I spoke to Time Warner and they said there is absolutely no issue with my IP.
  Any tips on how to solve this?
  Thank you!
  Shane

  It could be that the server is seeing your source address as being "masked" by routing through GoDaddy. In other words, when you originate your mail from your own IP, it then passes through GoDaddy, and the recipient sees this as a spoofing attempt.
  I would suggest the problem isn't with you or GoDaddy but maybe the way they have their servers set up. I was having trouble not getting responses to a group I was trying to join and when I contacted one of the admins directly they told me that Verizon was blocking their site and marking their setup mails as spam. It was hardly a dubious group, someone at Verizon entered the wrong IP address into a list of "bad guys."

• I am getting "Undeliverable" emails in response to emails I have not sent

  The text from one of these emails is pasted below. They are all similar. Help! Does this mean my email has been hijacked? Is email being sent using my email address? Is it from within my mailbox?
  Please let there be someone who knows what to do!
  This is the mail system at host vmcluster.vel.net.
  I'm sorry to have to inform you that your message could not
  be delivered to one or more recipients. It's attached below.
  For further assistance, please send mail to <postmaster>
  If you do so, please include this problem report. You can
  delete your own text from the attached returned message.
  The mail system
  <[email protected]>: maildir delivery failed: "The user you are trying to
  reach is over quota."
  Reporting-MTA: dns; vmcluster.vel.net
  X-Postfix-Queue-ID: B6EE214FAED
  X-Postfix-Sender: rfc822; crhea2 (at) mac (dot) com <Edited by Host>
  Arrival-Date: Tue, 1 Mar 2011 06:42:29 -0800 (PST)
  Final-Recipient: rfc822; [email protected]
  Original-Recipient: rfc822;[email protected]
  Action: failed
  Status: 5.0.0
  Diagnostic-Code: X-Postfix; maildir delivery failed: "The user you are trying
  to reach is over quota."
  From: crhea2 (at) mac (dot) com <Edited by Host>
  Date: March 1, 2011 9:41:29 AM EST
  To: [email protected]
  Subject: Òóðïóòåâêè ñî ñêèäêîé!
  Reply-To: [email protected]
  Ãîðÿùèå òóðïóò¸âêêè ïî ñàìûì âûãîäíÿì öåíàì!!
  Ñìîòðèòå ïðåäëîæåíèÿ íà íàøåì ñàéòå: http://www.kivi.ru/turskidki
  Âû ìîæåòå ïîëó÷èòü ñêèäêó â ëþáîì íàøåì òóðàãåíòñòâå â Ìîñêâå è Ñàíêò-Ïåòåðáóðãå, âõîäÿùèõ â ñåòü íåçàâèñèìûõ òóðàãåíòñòâ Êèâè.Ðó.
  Òóðñêèäêè ðàññ÷èòûâàþòñÿ èíäèâèäóàëüíî â îôèñå ïðîäàæ è çàâèñÿò îò ñòîèìîñòè âûáðàííîãî Âàìè òóðà, òóðîïåðàòîðà, âðåìåíè âûëåòà.
  Çàõîäèòå íà íàø ñàéò: http://www.kivi.ru/turskidki
  Èëè çâîíèòå íåìåäëåííî: (495) 500-7589 (495) 650-2963 (495) 737-4415
  Áóäåì ðàäû îòâåòèòü íà ëþáûå Âàøè âîïðîñû!
  Åñëè âû íå õîòèòå ïîëó÷àòü äàííóþ ðàññûëêó, òî ïåðåøëèòå ýòî ïèñüìî íà: [email protected]
  Scanned for viruses and dangerous content and is believed to be clean.

  Mindset wrote:
  Or am I stuck with it until the person I don't know has me in their address book clenses their computer???
  That probably won't fix it, unfortunately. It is probably a result of Spoofing -
  Email spoofing - Wikipedia, the free encyclopedia
  Once the spoofing entity has grabbed your email address from that person, they have it - the other person can 'cleanse' their machine but it will do no good.
  You could go to the bother of changing your email account and address. It won't stop the activity and use of your old address, but it will stop the 'can't deliver it' messages.
  Or, just ignore it and keep throwing those messages away. They'll dwindle to very seldom in time.

• Bulk email not sent by me (to Germany/Switzerland)

  I have just got back from hols to find that it seems that my email address (not me) has been sending multiple emails to addresses in germany and switzerland.  I keep getting emails from Mail Delivery Service saying that various recipients of my message (eg [email protected]; [email protected]) have failed to receive my messages - what is wrong ?  Looking at my bulk email folder shows there have been a number of these over the last 2-3 weeks.  I did not send them.  How can I stop this ?  Have I been hacked ?  Thanks in advance

  You may or may not have been hacked.
  Are you migrated to BTMail yet or still on BTYahoo mail?
  The problem could be:
  1.random spoofing of your email address, because someone either knows it or guessed it or automatically generated it, but there has been no hack of your email. Action required - none.
  2.malware on your own device/computer which has got your details, and then harvested data and used its own methods to send email spoofing your address.
  The same effect can occur when ANYONE else who has your email address suffers a security breach of either their webmail or their computer/device and has their contacts/address books harvested for data. Particularly a problem when people insist on putting you in the TO: or Cc: field of round-robin chain emails so a hundred other people get sent your email address by a mutual "friend".
  Action required - full virus check with your own up to date AV program but also an online one like malwarebytes.com, preferably one that is good at finding spyware as well as viruses. Not infallible. Even if you get an all clear, repeat it a week or more later, as the security software may spot it when it has new definitions loaded. But you can't stop the spam being sent.
  3. compromise of your webmail interface by a hacker - this was a big problem on the Yahoo! mail interface and has been extensively covered in the press. BTYahoo customers were also affected. Again - there's nothing you can do - but if you prove your account HAS been hacked via the webmail interface, then change both the password and the security questions and keep records of both the old answers and the new ones, somewhere safe on a piece of paper in case the system mangles your changes then locks you out.
  If you are a BTYahoo mail user you can check who has been logging in to your account and where from, using this link
  https://login.yahoo.com/config/login?.intl=us&.src=ymbr&.partner=&.pd=&.done=https%3A%2F%2Fapi.login...
  and entering the email address you want to check along with its password.
  If you find that the IP address section shows for example, a mobile login in from somewhere in the Ukraine, then you've been compromised. (unless you went to the Ukraine recently on holiday!!!)

• How do I install updates for worm elimination

  Operating system OSX 10.4.7, 1GB memory (41CB Free)
  Office 2004 for Mac v. 11.2.5
  Just received the following message from my ISP:
  "Mail server report.
  Our firewall determined the e-mails containing worm copies are being sent from your computer.
  Nowadays it happens from many computers, because this is a new virus type (Network Worms).
  Using the new bug in the Windows, these viruses infect the computer unnoticeably.
  After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
  addresses
  Please install updates for worm elimination and your computer restoring.
  Best regards,
  Customers support service"
  How do I eliminate worms and viruses?
  iMac G5, Powerbook G4   Mac OS X (10.4.7)  

  There are no known worms or viruses in the wild for OS X.
  What is undoubtedly happening is that some windows user, who's machine is infected, has your email addy in their address book. Mass mailing worms will not only send to everyone in the infected accounts address book, but will use addresses from there to spoof the "from:" field in the sent emails.
  There really is nothing you can do since it is not your machine that is the problem. It's some windows machine with your email in the address book, sending emails spoofed to appear as if they came from you.

• Don't fall for scams!

  This is a IN-DEPTH guide on how to spot the nonesense that scammers try to tell you.
  LEGEND
  SCAM: "A fraudulent scheme performed by a dishonest individual, group, or company in an attempt obtain money or something else of value. Scams traditionally resided in confidence tricks, where an individual would misrepresent themselves as someone with skill or authority, i.e. a doctor, lawyer, investor. After the internet became widely used, new forms of scams emerged such as lottery scams, scam baiting, email spoofing, phishing, or request for helps. These are considered to be email fraud. Also see phishing, scheme."
  - Quote from BusinessDictionary (BusinessDictionary.com)
  Ways to prevent people SCAMMING you:
  The fraudulent individual scammer!
  This person will try his hardest to deceive you.
  Basic Equation for fraud of a individual: You want to give something to "person 1", "person 2" knows about this and pretends to be "person 1" and then he then accepts the gift as "person 1" then takes what you nicely gifted.
  = You lost something you most likely can't get back.
  IN-DEPTH Equation for fraud of a individual:
  It is a friends/relative of yours birthday who is "Person 1" and your in this awesome communication application called Skype and you are chatting to some "friends" or relatives, "Person 1" and "Person 2", but they haven't got the best relationship (or there relationship isn't as strong as there greed.), so on forward you want to buy "Person 1" something for his birthday, and you are to lazy/not able to go to the shop so you want to buy him something online and you want him to pick out whatever he wants and order it to his house but you will do it tommorrow. (I am assuming not the most common scenario but you understand.), Out of spite/greed Sam hears about this and then #1. Gets ahold of the account that "Person 1" is using Skype (Or other.) on, by hacking or finding the device "Person 1" is logged into. #2. Makes a new account pretending to be "Person 1".
  "Person 2" somehow accomplishes to do one of them 2 things how can you make sure it is who you think it is?
  Answer that always works for this type of scamming if done correctly: 2 I have used.
  #1. Have a way a secret list of characters or a word that isn't easily guessable by even your closest of friends, Eg. "Buttercups446" tell them that in person or privately and the next day you want to give him "item" you can tell him to send you that "password" before you do so. In my opinion that is an amature way of doing it in my opinion, because if "gender" writes it down somewhere to remember or if he doesnt remember at all, or if someone somehow overhears it is busted.
  #2. Come on! Use the the way the cavemans used to do it! Skype, a Phone (Not truth.)! Easiest way is to simply use voice communication there is no way they can 100% forge the voice of someone else by the details of what they say and how they say the words. You can talk over the phone or skype whilst giving the gift or transaction.
  #3. I wouldn't recommend using this one, maybe if you don't have anyway of voice communication you can nickname/rename someone and put brackets next to there name saying REAL. Eg. "Garrick Dale (REAL)". This has one major weakness if someone get's ahold of the account then it will still say that is the person you want to give/trade the item to/with.
  The fraudulent organisation or company scammer!
  These people/person will pretend to be an organisation or company and send you messages through something or emails that looks legitimate but isn't.
  Basic equation of fraud of a group: You get a message from "A Phony Organisation/Company" they ask for you to prove that you are the person you are by putting in credentials of something they could withdraw money out of but they say they won't.
  = They do take money out of the account possibly drain it, even if you do get your money back they might still keep the money they scammed.
  IN-DEPTH Basic equation of fraud of a group:
  So you get a email/message and it is written or they send you to a website that looks like the website you are using, "Someone has tried to log into your account, we have locked the account to open it you need to verify that this is really you, you need to put in your banking credentials here, no money will be extracted.".
  You then get that email/message how do you find out it's the real deal?
  Answer that always works for this type of scamming if done correctly: 2 option I have used.
  #1. If the company has a helpline (phone support) or email support you can contact (Get this from there website), you can then contact them and ask about the email/message or website they take you to that you recieved about you giving them banking credentials. They should give you an explanation.
  #2. Making sure the email, message or website that came from the apparent, organisation/company. people do pretty cheap things to trick you into believing things.
  Examples. Real website: www.skype.com.en - Fake website: www.sskype.com.en
  The "I will" scammer!
  They will tell you they will do something, oath, swear on it, but never do it. Lies.
  Basic Equation for a "I will" scammer: "Person 1" says they'll give "Person 1's Item" for a item or/and money you have. = You give him the item/money and he doesn't give what he said in return, you never speak to him again.
  IN-DEPTH Basic Equation for a "I will" scammer:
  "Person 1" asks you if he/she could trade an item you own for "Person 1's Item" it sounds like a good idea.
  You want to trade but how do you know if he/she will give there part of the bargain?
  Answer that always works for this type of scamming if done correctly: 2 option I have used.
  #1. Trade your items/money through a secure network or service don't just do a "I give you this then you give me that.", for example, there is a gaming platform called Steam and they have a online item trading system if you use it correctly you cannot be scammed.
  #2. As simple as not trading, just sell for money on secure services where they then distribute whatever you are selling such as Ebay, or once again Steam.
  THIS IS THE END OF MY POST ABOUT HOW TO PREVENT GETTING SCAMMED IF YOU WANT ME TO MAKE A POST ABOUT HOW TO PREVENT BLACKMAILING TELL ME BY REPLYING!
  ~MOOCHACHO
  I strive to give people the power to have as much anonymity as they possibly can.

  The problem may not be Apple or iTunes but with Addmired, Inc.  The company which created those games.  The games are loaded with hackers, subject players to high levels of harassment, threats, and profanity from other players and yet, there is NO support from Addmired in regards to helping players who try to report the harassment or ask for help.
  I have been unable to play any of the games by Addmired, (iMob, Global War, Original Gangstaz) due to constant harassment from hackers who located me after I responded to a request for help from another member of my 'gang/mob'.  Now, because I was stupid enough to try and help someone - I am being bombarded by threats, harassment, profanity laced messages and unable to even play the game because an obvious hacker using a jailbroken iphone / ipod attacks me again, and again, and again so that I can't play the game.
  Addmired needs to be addressed, if they are going to charge players for a 'free' game where you pretty much have to buy the additional points (street cred, respect.. whatever they want to call it) then the company has a responsiblity to it's customers to provide support against harassment in the games yet they do not!  I have tried for weeks to get help from this company, sending emails to them through the contact form on their website with no response, and no action taken against the individuals harassing me.

• Receive connector anonymous or authenticate

  Hi,
  Does anyone know a way to set a receive connector to only request authentication in certain circumstances?
  Let me explain the scenario: If you have a receive connector that is set to accept general inbound emails from anyone then it will be set to accept emails from any sender address.
  However, if someone is trying to spoof the sender address and they use an email address which is valid within your organisation then it would be really useful if it could request authentication at that point, since emails from internal users should only
  come from authenticated devices.
  Is there any way to do this?
  Thanks in advance.
  Neil

  Hi,
  According to your description, there are spoofing emails in your environment. And as far as I know, the authentication of receive connector cannot only work in certain circumstance.
  Ｈowever, I recommend the following methods to prevent emails spoofing.
  1. Remove ms-Exch-SMTP-Accept-Any-Sender for anonymous users on the receive connector      
  2. Remove ms-Exch-SMTP-Accept-Authoritative-Domain-Sender for anonymous users on the receive connector
  3. Enable Sender-ID validation on the receive connector, with a corresponding TXT (SPF) record in DNS.
  http://technet.microsoft.com/en-us/library/ff714972.aspx
  4. Enable the Anti-Spam functionality on the mailbox server:
  http://technet.microsoft.com/en-us/library/bb201691(v=exchg.150).aspx
  If you have any question, please feel free to let me know.
  Thanks,
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Angela Shi
  TechNet Community Support

• Receiving E-mail From People On My Contact List Erroneously

  I have started receiving e-mail from some of the people on my Verizon contact list.  For example, if Jack Jones is someone I correspond with, I will receive a message that looks like it is from him, but when I look at the sender details, it is from some e-mail account that we never heard of.  In the message body, is a URL to click on.  The subject is sometimes blank or sometimes it says:  "For MyName".  This has happened with several different of my contacts about once or twice a week with different URL's to click on.  What can I do to stop this?  Thanks for any assistance.

  You or they probably have either
  caught a computer viurs
  had their email account stolen
  had someone steal the email contatcts and are being email spoofed
  Both you and your contacts should consider doing
  change your email account password immediately
  scan your computer with good antivirus software
  You may want to change your email name

• Sending weird links. virus?

  A friend told me my email is sending weird links. do i have a virus on my mac?

  Are these "weird links" parts of emails a tally sent by you or is your friend getting emails from an address that "appears" to be yours? It sounds more like email spoofing to me.