RE: Disturbing email

by "Juliana Halvorson" <juliana(at)graphmaster.com>

 Date:  Thu, 13 Sep 2001 19:40:11 -0600
 To:  "'Hank Marquardt'" <hmarq(at)yerpso.net>,
"'Mike Carlson'" <domitianx(at)domitianx.com>
 Cc:  <hwg-techniques(at)mail.hwg.org>
 In-Reply-To:  yerpso
Thank you everyone for your comments.

I was unable to find the headers, although with some help I have found
them.  They did not help me much though.  The IP address or domain name
do not work.  The yahoo email account is not registered as well.  Here
they are if anyone can make anything out of it.

Received: from venus.tongyang.co.kr ([128.134.28.14])
	by asgard.domainnameservers.net (8.9.3/8.9.3) with ESMTP id QAA94659
	for <ana(at)graphmaster.com>; Thu, 13 Sep 2001 16:00:11 -0400 (EDT)
	(envelope-from alain6508rdek(at)yahoo.com)
Received: from plain (localhost [127.0.0.1])
	by venus.tongyang.co.kr (8.9.3/8.9.3) with SMTP id FAA21426;
	Fri, 14 Sep 2001 05:07:44 +0900 (KST)
Message-Id: <200109132007.FAA21426(at)venus.tongyang.co.kr>
From: ana(at)GRAPHMASTER.COM
Reply-To: alain6508rdek(at)yahoo.com
To: ana(at)GRAPHMASTER.COM
Subject: your ad to the masses. we do the work gk1108
Date: Thu, 13 Sep 2001 12:59:34
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="MimeMultipartBoundary"
X-UIDL: 1a278f62531da86704147728c29bc20b

Thanks so much!
Juliana

-----Original Message-----
From: Hank Marquardt [mailto:hmarq(at)yerpso.net] 
Sent: Thursday, September 13, 2001 6:18 PM
To: Mike Carlson
Cc: 'Hank Marquardt'; 'Juliana Halvorson'; hwg-techniques(at)mail.hwg.org
Subject: Re: Disturbing email


This is true, but that doesn't really obscure the headers; which I guess
I assumed revealed the same domain as well. ... though I may have read
too much between the lines.

On Thu, Sep 13, 2001 at 06:53:08PM -0500, Mike Carlson wrote:
> When you set up your mail client you can put anything you want as the 
> return address.
> 
> I get those in my hotmail account all the time. The sent address is 
> the address it was sent to.
> 
> ************************
> Mike Carlson
> http://www.domitianx.com
> domitianx(at)domitianx.com
> 
> Thought Of The Moment:
> 
> "My software never has bugs. It just develops random features."
> ************************
> 
> 
> 
> > -----Original Message-----
> > From: owner-hwg-techniques(at)hwg.org
> > [mailto:owner-hwg-techniques(at)hwg.org] On Behalf Of Hank Marquardt
> > Sent: Thursday, September 13, 2001 5:18 PM
> > To: Juliana Halvorson
> > Cc: hwg-techniques(at)mail.hwg.org
> > Subject: Re: Disturbing email
> > 
> > 
> > The guess would be someone used your mailserver to send you
> > email ... very little you can do to prevent this. The fact is 
> > they were really probably testing whether you could/would 
> > open relay mail elsewhere, but that probably failed so they 
> > sent you a message instead; ... check your root account on 
> > the mail server (or postmaster or whatever your default 
> > account is) and see if there are any bounced messages 
> > resulting from an outside connect trying to relay mail --
> > 
> > If you have any of those, you can reverse dns the IP and mail
> > to abuse@thatdomain, but don't hold your breath.
> > 
> > For the mail servers I run there are dozens of these attempts
> > daily -- I don't even bother with the abuse mails, all this 
> > stuff just goes to /dev/null and shows up in my security log 
> > summary in the morning.
> > 
> > If you want to see how to do this manually, do a google
> > search on "telnet smtp" or "telnet mail relay" ... you'll 
> > find something to show you a simple example of what's going 
> > on -- bottom line, if you run a mail server, people will try 
> > to use it.
> > 
> > On Thu, Sep 13, 2001 at 02:32:37PM -0600, Juliana Halvorson wrote:
> > > 
> > > My apologies if this is not the correct group.
> > > 
> > > > Today I received an email where the reply to address was from my
> > > > domain - although it was not from my domain!  Is there any way I
> > > > can find out exactly where it came from to stop this from
> > > > happening again?
> > > 
> > > Is there any legal recourse I can take to prevent this?
> > > 
> > > Any suggestions would be greatly appreciated.
> > > 
> > > Thanks in advance!
> > > Juliana
> > 
> > --
> > Hank Marquardt <hank(at)yerpso.net>
> > http://web.yerpso.net
> > 
> > Web & Database Development in PHP, MySQL/PostgreSQL
> > Small Office Networking Solutions - Debian GNU/Linux & FreeBSD
> > PHP Instructor - HTML Writers Guild <http://www.hwg.org>
> > *** Beginning PHP -- Starts August 20, 2001
> > *** http://www.hwg.org/services/classes/p171.3.html
> 

-- 
Hank Marquardt <hank(at)yerpso.net>
http://web.yerpso.net

Web & Database Development in PHP, MySQL/PostgreSQL
Small Office Networking Solutions - Debian GNU/Linux & FreeBSD
PHP Instructor - HTML Writers Guild <http://www.hwg.org>
*** Beginning PHP -- Starts August 20, 2001 
*** http://www.hwg.org/services/classes/p171.3.html
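
Added example, not part of the original thread: a reading of the Received chain posted above, walking it newest-first and treating only the hop written by the recipient's own server as verified. That asgard.domainnameservers.net is that server is an assumption, and the names TRUSTED, parse_hops, domain and analyze are illustrative.

```python
import re
from email import message_from_string

# Headers copied from the post above; "(at)" is the archive's address masking.
RAW = """\
Received: from venus.tongyang.co.kr ([128.134.28.14])
\tby asgard.domainnameservers.net (8.9.3/8.9.3) with ESMTP id QAA94659
\tfor <ana(at)graphmaster.com>; Thu, 13 Sep 2001 16:00:11 -0400 (EDT)
\t(envelope-from alain6508rdek(at)yahoo.com)
Received: from plain (localhost [127.0.0.1])
\tby venus.tongyang.co.kr (8.9.3/8.9.3) with SMTP id FAA21426;
\tFri, 14 Sep 2001 05:07:44 +0900 (KST)
From: ana(at)GRAPHMASTER.COM
Reply-To: alain6508rdek(at)yahoo.com
To: ana(at)GRAPHMASTER.COM
"""
# Assumption: the recipient's own receiving server, the only hop she can trust.
TRUSTED = {"asgard.domainnameservers.net"}

HOP = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)")
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(msg):
    """Return Received hops newest first (each MTA prepends its own line)."""
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            ip = IPV4.search(m.group(2))
            hops.append({"helo": m.group(1), "by": m.group(3).lower(),
                         "ip": ip.group(1) if ip else None})
    return hops

def domain(value):
    """Domain part of an address, accepting '@' or the masked '(at)'."""
    return re.split(r"@|\(at\)", value or "")[-1].strip("<> ").lower()

def analyze(raw, trusted=TRUSTED):
    msg = message_from_string(raw)
    hops = parse_hops(msg)
    n = 0
    while n < len(hops) and hops[n]["by"] in trusted:
        n += 1  # hops written by servers we trust; the rest is sender-supplied
    findings = []
    if domain(msg["From"]) == domain(msg["To"]):
        findings.append("From domain equals recipient domain")
    if msg["Reply-To"] and domain(msg["Reply-To"]) != domain(msg["From"]):
        findings.append("Reply-To domain differs from From")
    return {"handoff_ip": hops[n - 1]["ip"] if n else None,
            "unverified_hops": len(hops) - n, "findings": findings}
```

The handoff_ip value is the address the trusted server saw connect, which is the one to reverse-DNS for an abuse report as suggested in the thread.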

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA