Question About Effects of Email Address Forgery


8 replies to this topic

#1 OFFLINE   Cluttermagnet

Cluttermagnet

    Nocturnal Radio Geek

  • Forum MVP
  • 3,166 posts

Posted 08 April 2012 - 04:14 PM

Hi, All-

I just received an email in Yahoo written entirely in Cyrillic sent from one of my main email addresses in the Yahoo domain. An obvious case of email address forgery- I didn't send it. I doubt there's a whole lot I can do about it. My one concern would be that that email address might become blacklisted extensively. OTOH I do not email widely from that account. I use it to participate in a few radio-oriented forums. This happened to me one other time in the past 5-8 years in my 'really main' email account. Didn't seem to have very serious ramifications in that case.

I'd appreciate comments as to what I might expect or things I might want to do, but frankly, I don't think there is a single thing I can do or need to do about this.

Thanks, Clutter

Edited by Cluttermagnet, 08 April 2012 - 04:17 PM.

Special Limited Edition Cluttermaster 2007 with direct air cooling system. Updated image
"ClutterLabs" --open hardware for open software" .......... Registered Linux User 446867


("It takes an entire village to raise a child...")
"It takes only one bulldozer to raze an entire village..."
"Hey, Mel- isn't that your kid driving that bulldozer?"

#2 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 16,494 posts

Posted 08 April 2012 - 04:56 PM

Yes, likely forgery for sure. But I would change the password for that email account regardless.
BambisMusings Blog :: Fran's Computer Services Blog :: MyPassionIsBooks Blog :: 5BuckReview :: CNIRadio
"The Net interprets censorship as damage and routes around it." ~John Gilmore (Time Magazine, Dec 6, 1993)

#3 OFFLINE   ross549

ross549

    I live here.

  • Forum Admins
  • 7,620 posts

Posted 08 April 2012 - 07:48 PM

The applicable RFC (or specification) requires that an e-mail program send e-mail with the From: field to show the account it is being sent from.

However, there are plenty of malicious mass e-mail programs that do not follow the RFC-specified behavior. There is nothing stopping those programs from sending an e-mail with a completely different address in the From: field. In essence, you really cannot trust the from field.

Basically, someone got a hold of the actual address. That is a trivial matter- if you corresponded with someone at some point, a virus or some other malware may find your address on that other person's machine, send it back "home," and use it in the From: field in a few million e-mail messages.

In any case, it is highly unlikely your e-mail *account* was compromised, just that someone found out what your address is and used it in a bunch of forged messages.

Adam
I don't suffer from insanity, I enjoy it.
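To make Adam's point concrete, here is an added Python example (it is not code from this thread, and not anything Yahoo provides): it parses a constructed raw message whose From: header is the recipient's own address and compares that header against what the receiving server actually recorded, namely the envelope sender (Return-Path), the chain of Received hops, and the SPF/DKIM verdicts in the Authentication-Results header. Every host name, address and IP in the sample is a made-up placeholder, and the domain checks are heuristics (legitimate mail is sometimes relayed through another provider), so the output is a list of warning signs rather than a proof.

```python
"""Why the From: header is not evidence of where a message came from.

Added example. Parses a raw message and reports the places a receiving
server records the real origin, which a spammer cannot rewrite after the fact.
"""
import re
from email import message_from_bytes
from email.policy import default
from email.utils import parseaddr

# Constructed sample (not a real capture): From: claims the recipient's own
# address, but Return-Path, the earliest Received hop and the receiver's
# SPF/DKIM results all point at an unrelated bulk mailer.
RAW_MESSAGE = b"""Return-Path: <bounce-8812@bulkmailer.example.net>
Received: from mx-in.mail.example (mx-in.mail.example [192.0.2.10])
\tby imap.mail.example with LMTP; Sun, 08 Apr 2012 15:01:22 -0400
Received: from smtp.bulkmailer.example.net (unknown [198.51.100.77])
\tby mx-in.mail.example with SMTP; Sun, 08 Apr 2012 15:01:20 -0400
Authentication-Results: mx-in.mail.example;
\tspf=fail smtp.mailfrom=bulkmailer.example.net;
\tdkim=none
From: clutterID@yahoo.example
To: clutterID@yahoo.example
Subject: test
Date: Sun, 08 Apr 2012 15:01:19 -0400
Message-ID: <1234@smtp.bulkmailer.example.net>

(a Cyrillic body would go here)
"""

# Constructed contrast case: mail that really left the claimed provider.
CLEAN_MESSAGE = b"""Return-Path: <clutterID@yahoo.example>
Received: from smtp-out.yahoo.example (smtp-out.yahoo.example [192.0.2.25])
\tby mx-in.mail.example with ESMTP; Sun, 08 Apr 2012 16:00:00 -0400
Authentication-Results: mx-in.mail.example; spf=pass smtp.mailfrom=yahoo.example; dkim=pass header.d=yahoo.example
From: clutterID@yahoo.example
To: friend@mail.example
Subject: hello

hi
"""


def domain_of(addr):
    """Domain part of an address, lower-cased ('' if none)."""
    return parseaddr(addr)[1].rpartition('@')[2].lower()


def received_hops(msg):
    """List of (from_host, by_host) pairs, newest hop first as in the header."""
    hops = []
    for hdr in msg.get_all('Received', []):
        text = ' '.join(str(hdr).split())          # unfold and normalise spaces
        m_from = re.search(r'\bfrom\s+(\S+)', text)
        m_by = re.search(r'\bby\s+(\S+)', text)
        hops.append((m_from.group(1) if m_from else '?',
                     m_by.group(1).rstrip(';') if m_by else '?'))
    return hops


def auth_results(msg):
    """Verdicts such as {'spf': 'fail', 'dkim': 'none'} from Authentication-Results."""
    results = {}
    for hdr in msg.get_all('Authentication-Results', []):
        for m in re.finditer(r'\b(spf|dkim|dmarc)=(\w+)', str(hdr)):
            results[m.group(1)] = m.group(2).lower()
    return results


def origin_report(raw):
    """Compare the From: header with the origin evidence the receiver recorded."""
    msg = message_from_bytes(raw, policy=default)
    from_addr = parseaddr(str(msg['From']))[1]
    from_domain = domain_of(from_addr)
    return_path = parseaddr(str(msg.get('Return-Path', '')))[1]
    hops = received_hops(msg)
    auth = auth_results(msg)
    first_hop = hops[-1][0].lower() if hops else ''   # earliest hop = origin

    findings = []
    if return_path and domain_of(return_path) != from_domain:
        findings.append(f'envelope sender {return_path} is not in the From: domain')
    if auth.get('spf') in ('fail', 'softfail'):
        findings.append('SPF failed for the envelope sender')
    if auth.get('dkim') in (None, 'none', 'fail'):
        findings.append('no valid DKIM signature for the From: domain')
    # Heuristic: the first hop should belong to the From: domain's provider.
    if first_hop and not (first_hop == from_domain or first_hop.endswith('.' + from_domain)):
        findings.append(f'message entered the mail system from {first_hop}, not a {from_domain} host')

    return {'from': from_addr, 'return_path': return_path, 'hops': hops,
            'first_hop': first_hop or None, 'auth': auth, 'findings': findings}


if __name__ == '__main__':
    for label, raw in (('forged', RAW_MESSAGE), ('clean', CLEAN_MESSAGE)):
        report = origin_report(raw)
        print(f"{label}: From: {report['from']}  Return-Path: {report['return_path']}")
        for finding in report['findings'] or ['no warning signs']:
            print('  -', finding)
```

The script reads only headers the receiving server added or checked; the sender controls From:, To:, Subject: and the body, so those never count as evidence. The absence of a copy in the account's own Sent folder, mentioned later in the thread, is the complementary provider-side check that this offline script cannot perform.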

#4 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 16,494 posts

Posted 08 April 2012 - 09:15 PM

You are right, Adam, but there is always the chance. It's always best practice to change the password, just in case.

#5 OFFLINE   Cluttermagnet

Cluttermagnet

    Nocturnal Radio Geek

  • Forum MVP
  • 3,166 posts

Posted 08 April 2012 - 09:27 PM

Yep-
I'm torn at this point, Fran- but leaning towards the explanation Adam gave. I think this is probably the 'forged headers' method, and that someone simply got hold of the email address and abused it. That wouldn't be hard, as it is exposed regularly in one or two of the forums I use it in. BTW I know for sure of a 'recent' incidence (about a month or two ago) of receiving an email with a clickable link in the body from a hacked Yahoo email account. I know that sender, though not well. I got some free firewood from him off of Craig's List a couple of years ago. Had not received any more follow-up emails whatever from him prior to the suspicious email about 2 years later. That one had all the hallmarks of a hacked email account mailing to every address it could grab on that hard drive.

All the headers in my message tell me is that 'clutterID'@yahoo.com emailed himself- both sender and recipient. I can't read and understand Cyrillic. I doubt that the moron who forged my email could be caught. They usually cover their tracks well. I very much doubt he would be stupid enough to reuse a stolen ID. He'll move on to the next one.

One giveaway is that there is no Sent copy of the email. I don't have any reason so far to suspect the account got hacked. Every email out of that account which I send gets a backup copy put into my Sent folder. So I don't believe that email originated from my actual account. It's forged headers.

QUOTE
In essence, you really cannot trust the from field.

Yep.

I must admit I use pretty weak passwords and don't change them often enough. I don't really *want* to have to change them. I have a memory like a steel sieve. I'm afraid I'll forget a new password and get locked out of my own accounts.

QUOTE (ross549 @ Apr 8 2012, 07:48 PM)
The applicable RFC (or specification) requires that an e-mail program send e-mail with the From: field to show the account it is being sent from.

However, there are plenty of malicious mass e-mail programs that do not follow the RFC-specified behavior. There is nothing stopping those programs from sending an e-mail with a completely different address in the From: field. In essence, you really cannot trust the from field.

Basically, someone got a hold of the actual address. That is a trivial matter- if you corresponded with someone at some point, a virus or some other malware may find your address on that other person's machine, send it back "home," and use it in the From: field in a few million e-mail messages.

In any case, it is highly unlikely your e-mail *account* was compromised, just that someone found out what your address is and used it in a bunch of forged messages.

Adam

Edited by Cluttermagnet, 08 April 2012 - 09:27 PM.


#6 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 16,494 posts

Posted 08 April 2012 - 09:35 PM

Yep, I agree with Adam, as I noted.

It's just if this is the first time you have gotten anything like this, I would still for best practice ... to be sure ... change the email password.

#7 OFFLINE   burninbush

burninbush

    Multithreader

  • Members
  • 1,157 posts

Posted 09 April 2012 - 03:33 AM


All the headers in my message tell me is that 'clutterID'@yahoo.com emailed himself- both sender and recipient. I can't read and understand Cyrillic.  >clutter

+++++++++++++++

But google can probably find somebody to translate it for you.  Might be fun to know what is in it -- but it's probably an advert for Viagra or something like.


#8 OFFLINE   abarbarian

abarbarian

    Posting Prodigy

  • Members
  • 2,097 posts

Posted 09 April 2012 - 09:05 PM

QUOTE (Cluttermagnet @ Apr 8 2012, 10:27 PM)
I must admit I use pretty weak passwords and don't change them often enough. I don't really *want* to have to change them. I have a memory like a steel sieve. I'm afraid I'll forget a new password and get locked out of my own accounts.

Give RoboForm a try. You can use it on a local PC without syncing with RoboForm's servers. Works well as an add-on in FF.
Install ARCH
You'll never need to install it again
"I did and I'm really happy"


#9 ONLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 9,798 posts

Posted 10 April 2012 - 12:29 AM

u can send mail from your command line if you know of a mail server:
just type like this:

CODE
telnet 123.123.123.456
the ip address of said mail server

CODE
ehlo
ask the server what it does for you (sung to the tune of, "what have you done for me lately?")
you get back a bunch of 250 - lines, like
250 - mailservername hello [123.123.123.456]
250 - pipelining
250 - 8bitmime
etc
CODE
mail from:yourname@domain.com
so... the domain that the mail server servers up (for the ip address given)
CODE
rcpt to:someuser@somedomain.com
you did want to send email to someone, right?
CODE
data
lets the email server know u r fixing to type the email
CODE
subject:whatever you want for your subject line
you must hit the enter key here!!
CODE
some more text here, like, hi there! howzit goin?
you must now do 3 things: hit the enter key.  type a period (dot) . hit the enter key again
another 250 shows up, like
250 2.6.0 (bunch of gibberish here) queued mail for delivery

there's a few more 250 lines than i've listed - each input gets one as output to your command prompt.
of course, if you write an email server for yourself, any / all of that is tamper-able.