How can I trace the source of this email?

Discussion in 'Computer Security' started by Randell D., Nov 5, 2003.

  1. Randell D.

    Randell D. Guest

    Can someone tell me how I received the following email?

    It's junk email - I used to have several pop3 boxes, but now I have one and
    have all my previous emails forwarded to the one pop3 box. I know it came
    from one of my alias or mail forwarding accounts, and not directly to my
    pop3 account because I use zoneedit.com for my mail forwarding and they are
    mentioned in the email path. I have replaced my real pop3 account with
    unt in the path... If I can find out the original address it
    was sent to, then I figure out who has sold my email address without my
    permission...

    Cheers
    Randell D.


    04 Nov 2003 16:09:57 -0700 (MST)
    Received: from pd8mi1no.prod.shaw.ca
    (pd8mi1no-qfe2.prod.shaw.ca [10.0.149.144]) by l-daemon
    (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
    with ESMTP id <0HNU00K24OCLB2@l-daemon> for unt
    (ORCPT unt); Tue, 04 Nov 2003 16:09:57 -0700 (MST)
    Received: from mail.zoneedit.com (mail.zoneedit.com [67.29.152.143])
    by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
    with ESMTP id <0HNU009DIOCLE1@l-daemon> for unt; Tue,
    04 Nov 2003 16:09:57 -0700 (MST)
    Received: from maxio3.uk2net.com (maxlb1ip.uk2net.com [213.239.57.81])
    by mail.zoneedit.com (Postfix) with ESMTP id 91A7E625978; Tue,
    04 Nov 2003 18:09:56 -0500 (EST)
    Received: from [10.0.1.221] (helo=mail.uk2.net) by maxio3.uk2net.com with
    smtp
    (Exim 4.24) id 1AHAHp-00038p-Ea; Tue, 04 Nov 2003 23:08:33 +0000
    Received: from 81.199.84.12 (SquirrelMail authenticated user complotto)
    by maxproxy2.uk2net.com with HTTP; Tue, 04 Nov 2003 23:08:19 +0000 (GMT)
    Date: Tue, 04 Nov 2003 23:08:19 +0000 (GMT)
    From: manager lotto <>
    Subject: CONGRATULATIONS
    To: undisclosed-recipients: ;
    Message-id: <2net.com>
    MIME-version: 1.0
    Content-type: text/plain; charset=iso-8859-1
    Content-transfer-encoding: 8BIT
    Importance: Normal
    X-Priority: 3
    User-Agent: SquirrelMail/1.4.1
    X-SA-Exim-Mail-From:
    X-Spam-Checker-Version: SpamAssassin 2.60-rc6 (1.208-2003-09-19-exp) on
    maxio3.uk2net.com
    X-Spam-Status: No, hits=4.0 required=5.0 tests=LINES_OF_YELLING,
    MAILTO_TO_SPAM_ADDR,PRIORITY_NO_NAME,SELECTED_YOU autolearn=no
    version=2.60-rc6
    X-Spam-Level: ***
    X-SA-Exim-Version: 3.0 (built Tue May 27 21:41:10 CEST 2003)
    Original-recipient: rfc822;

    For the hell of it, I include everything I have managed to find out about it
    below:


    Domain Name: LINKFINANCEANDTRUSTLTD.NET
    Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
    Whois Server: whois.melbourneit.com
    Referral URL: http://www.melbourneit.com
    Name Server: YNS1.YAHOO.COM
    Name Server: YNS2.YAHOO.COM
    Status: ACTIVE
    Updated Date: 15-oct-2003
    Creation Date: 15-oct-2003
    Expiration Date: 15-oct-2004


    [whois.melbourneit.com]

    Domain Name.......... linkfinanceandtrustltd.net
    Creation Date........ 2003-10-16
    Registration Date.... 2003-10-16
    Expiry Date.......... 2004-10-16
    Organisation Name.... Richard Forbes
    Organisation Address. 105 B North Milledge Ave.
    Organisation Address.
    Organisation Address. athens
    Organisation Address. 30612
    Organisation Address. GA
    Organisation Address. UNITED STATES

    Admin Name........... Richard Forbes
    Admin Address........ 105 B North Milledge Ave.
    Admin Address........
    Admin Address........ athens
    Admin Address........ 30612
    Admin Address........ GA
    Admin Address........ UNITED STATES
    Admin Email..........
    Admin Phone.......... +1.7065468122 <==== ## Holiday Inn Express ##


    Tech Name............ YahooDomains TechContact
    Tech Address......... 701 First Ave.
    Tech Address.........
    Tech Address......... Sunnyvale
    Tech Address......... 94089
    Tech Address......... CA
    Tech Address......... UNITED STATES
    Tech Email...........
    Tech Phone........... +1.6198813096
    Tech Fax............. +1.6198813010
    Name Server.......... yns1.yahoo.com
    Name Server.......... yns2.yahoo.com


    -----Original Message-----
    FROM: THE PRIZE AWARD DEPARTMENT
    WORLDWIDE PREMIER LOTTO, UK


    Congratulations Category A prize winner! You have been
    selected as one of two winners of the Worldwide Premier Lotto
    UK computer ballot draws and thus will be a privileged recipient
    of the grand draw prize of £ 7,500,000 (Seven million five
    hundred thousand Great Britain Pounds only). Winning File
    Reference number for your prize is WWPL/UK/ 61-812087; ticket
    number 003-214-39/A.

    We in the Worldwide Premier Lotto UK is by this
    program, launching our model computer balloting lottery draws,
    developed and designed to satisfy the cravings of the ever
    growing number of participants in our various lottery programs. With
    funds accrued exclusively from previous draws, payouts to
    all winners are guaranteed and will be transferred in record time.

    After randomly selecting 15,000 participants from an
    initial database of 300,000 emails and zoning all
    participants by their respective continents from across the
    globe, we produced an extensive list from which you have emerged as one of
    the winners of the Grand Draw prize.

    To ensure a smooth collection of your winnings, the
    transfer of your prize is to be handled by our Prize
    Transfer agents. You are to contact our agents by email
    and/or fax within a week of receiving this notice.
    Please find full contact details below:

    Mr. Simon Perchard
    Finance Director
    Link Finance and Trust Ltd.
    20 - 24 St. Leonard's Road
    Windsor SL4 3BB, United Kingdom
    Great Britain
    Tel: (+44) 709 204 1843
    Fax: (+44) 709 203 9288

    Email:

    Also find all other relevant winning lottery
    information
    below:
    Draw Serial No: 35/751346
    Batch No: 06-A852
    Zonal Draw No: A2-003
    Grand Draw No: 12099

    You are seriously advised to keep all winning lottery
    information and numbers from the public in line with
    our companysecurity protocol to avoid double claiming
    and unwarranted abuse of this program by unscrupulous individuals.

    Please direct all further correspondences and queries
    to your respective category Prize Transfer handlers.
    Congratulations once again from the Worldwide Premier Lotto family.


    Sincerely,


    Joseph Finn
    International Promotions Manager
    WORLDWIDE PREMIER LOTTO, UK
    Randell D., Nov 5, 2003
    #1

  2. Kevin

    Kevin Guest

    Why don't you just report these guys to ?

    "Randell D." <> wrote in
    message news:9WZpb.298559$9l5.222421@pd7tw2no...
    >
    > Can someone tell me how I received the following email?
    >
    > It's junk email - I used to have several pop3 boxes, but now I have one and
    > have all my previous emails forwarded to the one pop3 box. I know it came
    > from one of my alias or mail forwarding accounts, and not directly to my
    > pop3 account because I use zoneedit.com for my mail forwarding and they are
    > mentioned in the email path. I have replaced my real pop3 account with
    > unt in the path... If I can find out the original address it
    > was sent to, then I figure out who has sold my email address without my
    > permission...
    >
    > Cheers
    > Randell D.
    >
    >
    > 04 Nov 2003 16:09:57 -0700 (MST)
    > Received: from pd8mi1no.prod.shaw.ca
    > (pd8mi1no-qfe2.prod.shaw.ca [10.0.149.144]) by l-daemon
    > (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
    > with ESMTP id <0HNU00K24OCLB2@l-daemon> for unt
    > (ORCPT unt); Tue, 04 Nov 2003 16:09:57 -0700 (MST)
    > Received: from mail.zoneedit.com (mail.zoneedit.com [67.29.152.143])
    > by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
    > with ESMTP id <0HNU009DIOCLE1@l-daemon> for unt; Tue,
    > 04 Nov 2003 16:09:57 -0700 (MST)
    > Received: from maxio3.uk2net.com (maxlb1ip.uk2net.com [213.239.57.81])
    > by mail.zoneedit.com (Postfix) with ESMTP id 91A7E625978; Tue,
    > 04 Nov 2003 18:09:56 -0500 (EST)
    > Received: from [10.0.1.221] (helo=mail.uk2.net) by maxio3.uk2net.com with
    > smtp
    > (Exim 4.24) id 1AHAHp-00038p-Ea; Tue, 04 Nov 2003 23:08:33 +0000
    > Received: from 81.199.84.12 (SquirrelMail authenticated user complotto)
    > by maxproxy2.uk2net.com with HTTP; Tue, 04 Nov 2003 23:08:19 +0000 (GMT)
    > Date: Tue, 04 Nov 2003 23:08:19 +0000 (GMT)
    > From: manager lotto <>
    > Subject: CONGRATULATIONS
    > To: undisclosed-recipients: ;
    > Message-id: <2net.com>
    > MIME-version: 1.0
    > Content-type: text/plain; charset=iso-8859-1
    > Content-transfer-encoding: 8BIT
    > Importance: Normal
    > X-Priority: 3
    > User-Agent: SquirrelMail/1.4.1
    > X-SA-Exim-Mail-From:
    > X-Spam-Checker-Version: SpamAssassin 2.60-rc6 (1.208-2003-09-19-exp) on
    > maxio3.uk2net.com
    > X-Spam-Status: No, hits=4.0 required=5.0 tests=LINES_OF_YELLING,
    > MAILTO_TO_SPAM_ADDR,PRIORITY_NO_NAME,SELECTED_YOU autolearn=no
    > version=2.60-rc6
    > X-Spam-Level: ***
    > X-SA-Exim-Version: 3.0 (built Tue May 27 21:41:10 CEST 2003)
    > Original-recipient: rfc822;
    >
    > For the hell of it, I include everything I have managed to find out about it
    > below:
    >
    >
    > Domain Name: LINKFINANCEANDTRUSTLTD.NET
    > Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
    > Whois Server: whois.melbourneit.com
    > Referral URL: http://www.melbourneit.com
    > Name Server: YNS1.YAHOO.COM
    > Name Server: YNS2.YAHOO.COM
    > Status: ACTIVE
    > Updated Date: 15-oct-2003
    > Creation Date: 15-oct-2003
    > Expiration Date: 15-oct-2004
    >
    >
    > [whois.melbourneit.com]
    >
    > Domain Name.......... linkfinanceandtrustltd.net
    > Creation Date........ 2003-10-16
    > Registration Date.... 2003-10-16
    > Expiry Date.......... 2004-10-16
    > Organisation Name.... Richard Forbes
    > Organisation Address. 105 B North Milledge Ave.
    > Organisation Address.
    > Organisation Address. athens
    > Organisation Address. 30612
    > Organisation Address. GA
    > Organisation Address. UNITED STATES
    >
    > Admin Name........... Richard Forbes
    > Admin Address........ 105 B North Milledge Ave.
    > Admin Address........
    > Admin Address........ athens
    > Admin Address........ 30612
    > Admin Address........ GA
    > Admin Address........ UNITED STATES
    > Admin Email..........
    > Admin Phone.......... +1.7065468122 <==== ## Holiday Inn Express ##
    >
    >
    > Tech Name............ YahooDomains TechContact
    > Tech Address......... 701 First Ave.
    > Tech Address.........
    > Tech Address......... Sunnyvale
    > Tech Address......... 94089
    > Tech Address......... CA
    > Tech Address......... UNITED STATES
    > Tech Email...........
    > Tech Phone........... +1.6198813096
    > Tech Fax............. +1.6198813010
    > Name Server.......... yns1.yahoo.com
    > Name Server.......... yns2.yahoo.com
    >
    >
    > -----Original Message-----
    > FROM: THE PRIZE AWARD DEPARTMENT
    > WORLDWIDE PREMIER LOTTO, UK
    >
    >
    > Congratulations Category A prize winner! You have been
    > selected as one of two winners of the Worldwide Premier Lotto
    > UK computer ballot draws and thus will be a privileged recipient
    > of the grand draw prize of £ 7,500,000 (Seven million five
    > hundred thousand Great Britain Pounds only). Winning File
    > Reference number for your prize is WWPL/UK/ 61-812087; ticket
    > number 003-214-39/A.
    >
    > We in the Worldwide Premier Lotto UK is by this
    > program, launching our model computer balloting lottery draws,
    > developed and designed to satisfy the cravings of the ever
    > growing number of participants in our various lottery programs. With
    > funds accrued exclusively from previous draws, payouts to
    > all winners are guaranteed and will be transferred in record time.
    >
    > After randomly selecting 15,000 participants from an
    > initial database of 300,000 emails and zoning all
    > participants by their respective continents from across the
    > globe, we produced an extensive list from which you have emerged as one of
    > the winners of the Grand Draw prize.
    >
    > To ensure a smooth collection of your winnings, the
    > transfer of your prize is to be handled by our Prize
    > Transfer agents. You are to contact our agents by email
    > and/or fax within a week of receiving this notice.
    > Please find full contact details below:
    >
    > Mr. Simon Perchard
    > Finance Director
    > Link Finance and Trust Ltd.
    > 20 - 24 St. Leonard's Road
    > Windsor SL4 3BB, United Kingdom
    > Great Britain
    > Tel: (+44) 709 204 1843
    > Fax: (+44) 709 203 9288
    >
    > Email:
    >
    > Also find all other relevant winning lottery
    > information
    > below:
    > Draw Serial No: 35/751346
    > Batch No: 06-A852
    > Zonal Draw No: A2-003
    > Grand Draw No: 12099
    >
    > You are seriously advised to keep all winning lottery
    > information and numbers from the public in line with
    > our companysecurity protocol to avoid double claiming
    > and unwarranted abuse of this program by unscrupulous individuals.
    >
    > Please direct all further correspondences and queries
    > to your respective category Prize Transfer handlers.
    > Congratulations once again from the Worldwide Premier Lotto family.
    >
    >
    > Sincerely,
    >
    >
    > Joseph Finn
    > International Promotions Manager
    > WORLDWIDE PREMIER LOTTO, UK
    >
    >
    Kevin, Nov 5, 2003
    #2

  3. In article <9WZpb.298559$9l5.222421@pd7tw2no>,
    says...

    > maxproxy2.uk2net.com
    >


    looks to be the first email server to catch the mail... but if you don't
    have an email address handled by their servers, it would be up the
    list... you're the only one of us so far that knows what email addresses
    you have :)




    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness™ as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Nov 5, 2003
    #3
  4. Vanguard

    Vanguard Guest

    Randell D. wrote:
    > Can someone tell me how I received the following email?
    >
    > It's junk email - I used to have several pop3 boxes, but now I have
    > one and have all my previous emails forwarded to the one pop3 box. I
    > know it came from one of my alias or mail forwarding accounts, and
    > not directly to my pop3 account because I use zoneedit.com for my
    > mail forwarding and they are mentioned in the email path. I have
    > replaced my real pop3 account with unt in the path...
    > If I can find out the original address it was sent to, then I figure
    > out who has sold my email address without my permission...
    >
    > Cheers
    > Randell D.
    >
    >
    > 04 Nov 2003 16:09:57 -0700 (MST)
    > Received: from pd8mi1no.prod.shaw.ca
    > (pd8mi1no-qfe2.prod.shaw.ca [10.0.149.144]) by l-daemon
    > (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
    > with ESMTP id <0HNU00K24OCLB2@l-daemon> for unt
    > (ORCPT unt); Tue, 04 Nov 2003 16:09:57 -0700 (MST)
    > Received: from mail.zoneedit.com (mail.zoneedit.com [67.29.152.143])
    > by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14
    > 2003)) with ESMTP id <0HNU009DIOCLE1@l-daemon> for
    > unt; Tue, 04 Nov 2003 16:09:57 -0700 (MST)
    > Received: from maxio3.uk2net.com (maxlb1ip.uk2net.com [213.239.57.81])
    > by mail.zoneedit.com (Postfix) with ESMTP id 91A7E625978; Tue,
    > 04 Nov 2003 18:09:56 -0500 (EST)
    > Received: from [10.0.1.221] (helo=mail.uk2.net) by maxio3.uk2net.com
    > with smtp
    > (Exim 4.24) id 1AHAHp-00038p-Ea; Tue, 04 Nov 2003 23:08:33 +0000
    > Received: from 81.199.84.12 (SquirrelMail authenticated user
    > complotto) by maxproxy2.uk2net.com with HTTP; Tue, 04 Nov 2003
    > 23:08:19 +0000 (GMT) Date: Tue, 04 Nov 2003 23:08:19 +0000 (GMT)
    > From: manager lotto <>
    > Subject: CONGRATULATIONS
    > To: undisclosed-recipients: ;
    > Message-id:
    > <2net.com>
    > MIME-version: 1.0
    > Content-type: text/plain; charset=iso-8859-1
    > Content-transfer-encoding: 8BIT
    > Importance: Normal
    > X-Priority: 3
    > User-Agent: SquirrelMail/1.4.1
    > X-SA-Exim-Mail-From:
    > X-Spam-Checker-Version: SpamAssassin 2.60-rc6 (1.208-2003-09-19-exp)
    > on maxio3.uk2net.com
    > X-Spam-Status: No, hits=4.0 required=5.0 tests=LINES_OF_YELLING,
    > MAILTO_TO_SPAM_ADDR,PRIORITY_NO_NAME,SELECTED_YOU autolearn=no
    > version=2.60-rc6
    > X-Spam-Level: ***
    > X-SA-Exim-Version: 3.0 (built Tue May 27 21:41:10 CEST 2003)
    > Original-recipient: rfc822;
    >
    > For the hell of it, I include everything I have managed to find out
    > about it below:
    >
    >
    > Domain Name: LINKFINANCEANDTRUSTLTD.NET
    > Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
    > Whois Server: whois.melbourneit.com
    > Referral URL: http://www.melbourneit.com
    > Name Server: YNS1.YAHOO.COM
    > Name Server: YNS2.YAHOO.COM
    > Status: ACTIVE
    > Updated Date: 15-oct-2003
    > Creation Date: 15-oct-2003
    > Expiration Date: 15-oct-2004
    >
    >
    > [whois.melbourneit.com]
    >
    > Domain Name.......... linkfinanceandtrustltd.net
    > Creation Date........ 2003-10-16
    > Registration Date.... 2003-10-16
    > Expiry Date.......... 2004-10-16
    > Organisation Name.... Richard Forbes
    > Organisation Address. 105 B North Milledge Ave.
    > Organisation Address.
    > Organisation Address. athens
    > Organisation Address. 30612
    > Organisation Address. GA
    > Organisation Address. UNITED STATES
    >
    > Admin Name........... Richard Forbes
    > Admin Address........ 105 B North Milledge Ave.
    > Admin Address........
    > Admin Address........ athens
    > Admin Address........ 30612
    > Admin Address........ GA
    > Admin Address........ UNITED STATES
    > Admin Email..........
    > Admin Phone.......... +1.7065468122 <==== ## Holiday Inn Express ##
    >
    >
    > Tech Name............ YahooDomains TechContact
    > Tech Address......... 701 First Ave.
    > Tech Address.........
    > Tech Address......... Sunnyvale
    > Tech Address......... 94089
    > Tech Address......... CA
    > Tech Address......... UNITED STATES
    > Tech Email...........
    > Tech Phone........... +1.6198813096
    > Tech Fax............. +1.6198813010
    > Name Server.......... yns1.yahoo.com
    > Name Server.......... yns2.yahoo.com
    >
    >
    > -----Original Message-----
    > FROM: THE PRIZE AWARD DEPARTMENT
    > WORLDWIDE PREMIER LOTTO, UK
    >
    >
    > Congratulations Category A prize winner! You have been
    > selected as one of two winners of the Worldwide Premier Lotto
    > UK computer ballot draws and thus will be a privileged recipient
    > of the grand draw prize of £ 7,500,000 (Seven million five
    > hundred thousand Great Britain Pounds only). Winning File
    > Reference number for your prize is WWPL/UK/ 61-812087; ticket
    > number 003-214-39/A.
    >
    > We in the Worldwide Premier Lotto UK is by this
    > program, launching our model computer balloting lottery draws,
    > developed and designed to satisfy the cravings of the ever
    > growing number of participants in our various lottery programs. With
    > funds accrued exclusively from previous draws, payouts to
    > all winners are guaranteed and will be transferred in record time.
    >
    > After randomly selecting 15,000 participants from an
    > initial database of 300,000 emails and zoning all
    > participants by their respective continents from across the
    > globe, we produced an extensive list from which you have emerged as
    > one of the winners of the Grand Draw prize.
    >
    > To ensure a smooth collection of your winnings, the
    > transfer of your prize is to be handled by our Prize
    > Transfer agents. You are to contact our agents by email
    > and/or fax within a week of receiving this notice.
    > Please find full contact details below:
    >
    > Mr. Simon Perchard
    > Finance Director
    > Link Finance and Trust Ltd.
    > 20 - 24 St. Leonard's Road
    > Windsor SL4 3BB, United Kingdom
    > Great Britain
    > Tel: (+44) 709 204 1843
    > Fax: (+44) 709 203 9288
    >
    > Email:
    >
    > Also find all other relevant winning lottery
    > information
    > below:
    > Draw Serial No: 35/751346
    > Batch No: 06-A852
    > Zonal Draw No: A2-003
    > Grand Draw No: 12099
    >
    > You are seriously advised to keep all winning lottery
    > information and numbers from the public in line with
    > our companysecurity protocol to avoid double claiming
    > and unwarranted abuse of this program by unscrupulous individuals.
    >
    > Please direct all further correspondences and queries
    > to your respective category Prize Transfer handlers.
    > Congratulations once again from the Worldwide Premier Lotto family.
    >
    >
    > Sincerely,
    >
    >
    > Joseph Finn
    > International Promotions Manager
    > WORLDWIDE PREMIER LOTTO, UK


    Received:
    from <untrusted_helo_string> (pd8mi1no-qfe2.prod.shaw.ca
    [10.0.149.144])
    by l-daemon ...; Tue, 04 Nov 2003 16:09:57 -0700 (MST)
    Received:
    from <untrusted_helo_string> (mail.zoneedit.com [67.29.152.143])
    by l-daemon ...; Tue, 04 Nov 2003 16:09:57 -0700 (MST)
    Received:
    from maxio3.uk2net.com (maxlb1ip.uk2net.com [213.239.57.81])
    by mail.zoneedit.com ...; Tue, 04 Nov 2003 18:09:56 -0500 (EST)
    Received:
    from [10.0.1.221] (helo=<untrusted_helo_string>)
    by maxio3.uk2net.com ...; Tue, 04 Nov 2003 23:08:33 +0000
    Received:
    from 81.199.84.12 (...)
    by maxproxy2.uk2net.com with HTTP; Tue, 04 Nov 2003 23:08:19 +0000
    (GMT)

    You can't go by the HELO/EHLO string that the sender ("from" host)
    claimed that identifies them. The first 2 Received headers seem to be
    used by whatever e-mail forwarding provider that you are using to bounce
    your e-mail around inside their service. The 3rd Received header with a
    uk2net.com looks to have the first step outside your provider's domain,
    reinforced by the distinct change in the timezone. Also note that the
    "by" host in the 3rd Received header says the sender is at IP address
    213.239.57.81 but the "from" host reported by that same server shows an
    internal host at 10.0.1.221 (so now you're inside the spam source
    domain). I wouldn't trust any Received headers after that (but then
    uk2net.com is also listed).

    It looks like uk2net.com is running an open proxy or has otherwise been
    compromised by spammers. If the open (abused) proxy at uk2net.com is
    actually reporting a valid IP address of whoever connected to it, then
    the IP address 81.199.84.12 belongs to CIDR-COMMUNICATION-01 in Nigeria
    (another Nigerian scam?), according to RIPE's WhoIs. However, bitch to
    uk2net.com for operating an open relay. Bitching to the spammer won't
    help and can only hurt you more.

    You might want to use e-mail aliases instead of forwarding accounts. I
    think the paid-for Yahoo accounts have e-mail aliases. Otherwise, you
    can use Sneakemail.com to create aliases to your e-mail account. When
    registering for a web site or software or when having to divulge a valid
    e-mail account, you can create a Sneakemail alias on the fly. Just
    create a unique alias that only that recipient will ever get. If you
    ever get spammed through that alias then you know who screwed you.
    E-mails delivered through the alias account will have a comment in the
    To header from Sneakemail telling you the alias account through which
    the e-mail was delivered. SpamMotel also provides e-mail aliases but I
    dislike them inserting a statistics table at the start of my e-mails.
    SpamEx, I think, also provides e-mail aliases but costs money.
    Sneakemail is free for a basic account (i.e., daily and monthly quota
    restrictions on bandwidth and quota restriction on max message size) but
    for whom I am dispensing e-mail aliases this is more than sufficient for
    me, but you can get their paid account with larger quotas.

    --
    ____________________________________________________________
    *** Post replies to newsgroup. E-mail is not accepted. ***
    ____________________________________________________________
    Vanguard, Nov 5, 2003
    #4
  5. Don Kelloway

    Don Kelloway Guest

    "Randell D." <> wrote
    in message news:9WZpb.298559$9l5.222421@pd7tw2no...
    >
    > Can someone tell me how I received the following email?
    >
    > It's junk email - I used to have several pop3 boxes, but now I have one and
    > have all my previous emails forwarded to the one pop3 box. I know it came
    > from one of my alias or mail forwarding accounts, and not directly to my
    > pop3 account because I use zoneedit.com for my mail forwarding and they are
    > mentioned in the email path. I have replaced my real pop3 account with
    > unt in the path... If I can find out the original address it
    > was sent to, then I figure out who has sold my email address without my
    > permission...
    >
    > Cheers
    > Randell D.
    >
    >
    > Received: from 81.199.84.12 (SquirrelMail authenticated user complotto)
    > by maxproxy2.uk2net.com with HTTP; Tue, 04 Nov 2003 23:08:19 +0000 (GMT)
    >


    The header indicates that someone using a system assigned with IP
    81.199.84.12 logged into http://mailme.uk2net.com/ with the user account
    of 'complotto'. While logged in, they sent this email.

    --
    Best regards,
    Don Kelloway
    Commodon Communications

    Visit http://www.commodon.com to learn about the "Threats to Your
    Security on the Internet".
    Don Kelloway, Nov 6, 2003
    #5
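
The Received-chain reading from posts #4 and #5, as an added Python example (not code from the thread): it parses the header block posted in #1, separates what each receiving server recorded (peer IP, `by` host, timestamp, `for` recipient) from the HELO name the sender only claimed, and finds the last hop written by a server the recipient trusts. The `TRUSTED` list and all function names are assumptions made for this illustration.

```python
import ipaddress
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received chain copied from post #1 (recipient already redacted to "unt").
RAW = """\
Received: from pd8mi1no.prod.shaw.ca
 (pd8mi1no-qfe2.prod.shaw.ca [10.0.149.144]) by l-daemon
 (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
 with ESMTP id <0HNU00K24OCLB2@l-daemon> for unt
 (ORCPT unt); Tue, 04 Nov 2003 16:09:57 -0700 (MST)
Received: from mail.zoneedit.com (mail.zoneedit.com [67.29.152.143])
 by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
 with ESMTP id <0HNU009DIOCLE1@l-daemon> for unt; Tue,
 04 Nov 2003 16:09:57 -0700 (MST)
Received: from maxio3.uk2net.com (maxlb1ip.uk2net.com [213.239.57.81])
 by mail.zoneedit.com (Postfix) with ESMTP id 91A7E625978; Tue,
 04 Nov 2003 18:09:56 -0500 (EST)
Received: from [10.0.1.221] (helo=mail.uk2.net) by maxio3.uk2net.com with
 smtp
 (Exim 4.24) id 1AHAHp-00038p-Ea; Tue, 04 Nov 2003 23:08:33 +0000
Received: from 81.199.84.12 (SquirrelMail authenticated user complotto)
 by maxproxy2.uk2net.com with HTTP; Tue, 04 Nov 2003 23:08:19 +0000 (GMT)

"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Assumption: the recipient's ISP ("l-daemon") and mail forwarder are the trusted servers.
TRUSTED = ("l-daemon", "zoneedit.com")


def parse_hop(value):
    """Split one Received header into what the receiving server recorded
    (peer IP, by-host, time, recipient) and what the sender claimed (HELO)."""
    text = " ".join(value.split())              # unfold continuation lines
    body, _, date = text.rpartition(";")        # the timestamp follows the last ';'
    frm, _, rest = body.partition(" by ")
    # Peer address: "[ip]" written by the MTA, or a bare IP (SquirrelMail's format).
    m = re.search(r"\[(%s)\]" % IPV4, frm) or re.search(r"^from (%s)\b" % IPV4, frm)
    peer_ip = m.group(1) if m else None
    parts = frm.split()
    first = parts[1] if len(parts) > 1 else ""
    h = re.search(r"helo=([^\s)]+)", frm)       # Exim puts the claimed name here
    helo = h.group(1) if h else (None if first.strip("[]") == peer_ip else first)
    rcpt = re.search(r"\bfor\s+([^\s;]+)", rest)
    return {
        "helo": helo,                           # untrusted: chosen by the sender
        "peer_ip": peer_ip,
        "private": bool(peer_ip) and ipaddress.ip_address(peer_ip).is_private,
        "by": rest.split()[0],
        "for": rcpt.group(1) if rcpt else None,  # envelope recipient, when logged
        "utc": parsedate_to_datetime(date.strip()).astimezone(timezone.utc),
    }


def in_domains(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)


def handoff(hops, trusted):
    """Headers are newest-first. Return the oldest hop written by a trusted
    server; its peer_ip is the last address the recipient can vouch for."""
    boundary = None
    for hop in hops:
        if not in_domains(hop["by"], trusted):
            break
        boundary = hop
    return boundary


def clocks_consistent(hops):
    """True when timestamps never go backwards from the oldest hop to the newest."""
    times = [h["utc"] for h in reversed(hops)]
    return all(a <= b for a, b in zip(times, times[1:]))


HOPS = [parse_hop(v) for v in message_from_string(RAW).get_all("Received")]

if __name__ == "__main__":
    for h in HOPS:
        print(h["utc"].time(), h["by"], "<-", h["peer_ip"],
              "(private)" if h["private"] else "", "helo:", h["helo"], "for:", h["for"])
    print("handed to trusted servers by", handoff(HOPS, TRUSTED)["peer_ip"])
    print("timestamps consistent:", clocks_consistent(HOPS))
```

The two hops below the handoff were written by uk2net.com's own machines, so 81.199.84.12 is only as reliable as that provider's logging; the `for` values are where a forwarding alias would show up if the servers had recorded it.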
  6. Randell D.

    Randell D. Guest

    Thanks to all who replied...
    Randell D., Nov 6, 2003
    #6