Spoofed emails sent by a spammer?

Topic

New Reply

A friend keeps getting messages saying email was undeliverable, but the emails were not sent by her and she does not recognize the email addresses. I checked her sent box in her mail client, as well as the webmail interface in Cox, and the emails do not appear there either. So I am assuming someone is spoofing her email address and sending the spam.

What do I need to look at in the Message Source code to see who is really sending the emails? In the Source code I can see a line “Received From:” that has an email and IP address she does not recognize. Other than that I don’t see anything that looks like another email address. And the address on that line changes from one returned email to the next.

This has been going on for over a month, and Cox is complaining about all the returned emails, I guess they think she is a spammer.

Thanks

Reply | Quote

Replies

If you have an IP address, then you can try “WHOIS” – https://who.is/ to see if you can find the culprit.

There my be other ways to find him/her as well.

Ron M

Reply | Quote

A trace from the email headers might help: http://whatismyipaddress.com/trace-email

Reply | Quote

Also, your friend might explain to Cox that she is not the true sender and ask Cox to investigate who is (which I think Cox should have done in the first place).

Reply | Quote

I agree David, Cox should know better. They could start at Wiki.

Spoofing was very common last decade, but seems to have died out this one. My business email address used to be spoofed 3-4 times a year, for a few days at a time–then the spammer would move on to the next address in their list.

What do I need to look at in the Message Source code to see who is really sending the emails?

You will very probably be wasting your time Vincenzo, unless it’s a kid or amateur. Almost always this is someone using a botnet of infected computers, so the only address you’ll discover is some oblivious innocent.

In the Source code I can see a line “Received From:” that has an email and IP address she does not recognize. … And the address on that line changes from one returned email to the next.

I assume the “Received From:” is from wherever the email tried to be delivered, so typically an ISP–are the addresses something like “postmaster@” or “mailer-daemon@”?

The ISPs are letting the supposed sender [your friend] know that they couldn’t deliver the email. The spammer’s list of target addresses is probably old–or he’s just doing random shots like mary10@, mary11@ etc–so many of the addresses are dead now.

The advice is to ignore this, there’s very little you or she can do other than waste your time–apart from educate Cox! If it’s similar to last decade, it should blow over shortly, and reappear periodically thereafter.

Lugh.
~
Alienware Aurora R6; Win10 Home x64 1803; Office 365 x32
i7-7700; GeForce GTX 1060; 16GB DDR4 2400; 1TB SSD, 256GB SSD, 4TB HD

Reply | Quote

Keep reminding Cox — if they remain un-convinced, they could block your email account — no more emails out or in.

"Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisted

Reply | Quote

A friend keeps getting messages saying email was undeliverable, but the emails were not sent by her and she does not recognize the email addresses. I checked her sent box in her mail client, as well as the webmail interface in Cox, and the emails do not appear there either. So I am assuming someone is spoofing her email address and sending the spam.

There’s a real possibility that the cox/email password has been compromised, I would suggest changing the password immediately to something strong. It has happened to a number of my contacts and once they changed their password, it stopped.

Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

I would also recommend communicating with Cox about the problem, but my experience with Cox is extremely poor. For any SPAM I always use SpamCop the results of which you might be able to forward to Cox with a note. One of the numerous problems I have with Cox is that I cannot forward SPAM email through their servers.

Reply | Quote

Thanks for the suggestions. I will try whois and tracing the headers.

We’ve changed the email password a few times, Cox has invalidated the old one repeatedly so we had to.

I’m waiting to hear back from my friend, so we can talk to Cox some more.

Thanks

Reply | Quote

Thanks for the suggestions. I will try whois and tracing the headers.

We’ve changed the email password a few times, Cox has invalidated the old one repeatedly so we had to.

I’m waiting to hear back from my friend, so we can talk to Cox some more.

Thanks

One of the main advantages of SpamCop, is that is traces the real source of the message, plus identifies the hosting service of any web link within the email. It’s free, or by donation. If any source ISP refuses to accept SpamCop reports, I’ll usually usually forward the entire message directly to them. I also always copy spam@uce.gov on every report.

Reply | Quote