Re: Unusual email recieved
From: Moi? (dasubscribe@marble.net.au)
Date: 11/26/02
- Next message: bahu: "Help! SP-3 / Outlook 2000 aren't working anymore..."
- Previous message: T. Atkinson: "Message"
- In reply to: Clayton Jackson: "Unusual email recieved"
- Next in thread: Ned Flanders: "Re: Unusual email recieved"
- Reply: Ned Flanders: "Re: Unusual email recieved"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Moi?" <dasubscribe@marble.net.au> Date: Tue, 26 Nov 2002 14:36:55 +1030
The true idiot is the person with the open mail relay.
Try the following on a server
telnet (server IP) 25
helo yahoo.com
mail from: (sourceaddress)
rcpt to: (destinationaddress)
data
This is an open relay test
.
rset
quit
This opens a mail session to a server
authenticates as a real domain name
mail from: This is just a text field, requiring the @ symbol in it. Some
actually check for domain names, but these are few and far between
rcpt to: This is the email address that is being sent to.
At this stage, the mail server should reply Cannot relay for (address)
Message body
. (The full-stop ends data input when preceeded and proceeded by
character returns
rset (Resets transaction. Implies connection ending)
quit (duh)
When the SMTP server doesn't error with can't relay for..., you can put in
any address you feel like, including george.w.busch@us.gov
You can view the properties of the mail, but it will only show the IP of the
open relay, not the person that sent it. The chances of the SMTP server
having logs of the IP that sent the message are exceptionally small. Even
if you do, you then need to track down the ISP that owns the IP address, and
ask them to find out who had this IP at the time. The chances of this
happening, and them cooperating are smaller again. There is always the
small chance that this was a good, experienced hacker, who could hide their
IP address. This is fortunately, unlikely, but not impossible.
All in all, it is too much trouble. You could, with a lot of effort,
probably find out the answer, but how much is your time worth?
"Clayton Jackson" <cjacksonii@mail2mypc.com> wrote in message
news:152c501c29498$b1f0e6d0$8df82ecf@TK2MSFTNGXA02...
> Greetings. I was checking my email, and found an email
> from a person calling himself "user" with my email address
> being used as the from field. In the message itself was a
> Windows 98 Product ID and Product Key. My first thought is
> that it was a virus sending it out to people, masking the
> email address as their own. [I only use web based email,
> so that nothing can go out via Outlook Express that's
> viral in nature, nor can I recieve an email virus.]
>
> I know for a fact that I did not send this out, and would
> like to find out who to contact to report this occuring,
> so that if this idiot[to use a nice word] has sent this
> same email to other people using my email address, that I
> won't be caught in the crossfire.
>
> The message looked like this, taking out the Product ID
> and Key, just in case it's a valid ID and Key, of another
> person who uses Windows 98:
>
> ---- Message follows -----
> Hello,
>
> Product Name: Microsoft Windows 98
> Product Id: xxxxx-OEM-xxxxxxx-xxxxx
> Product Key: xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
>
> Process List:
> _Oscar_SoundMonitor
> PG Monitor
>
> Thank you.
> ---- End of copied message ----
>
> Any assistance on what this is, who might have sent it, or
> where to contact about this, would be greatly appreciated.
>
> Thanks in advance
> Clayton Jackson
- Next message: bahu: "Help! SP-3 / Outlook 2000 aren't working anymore..."
- Previous message: T. Atkinson: "Message"
- In reply to: Clayton Jackson: "Unusual email recieved"
- Next in thread: Ned Flanders: "Re: Unusual email recieved"
- Reply: Ned Flanders: "Re: Unusual email recieved"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
