+ Post New Thread
Results 1 to 13 of 13
Windows Thread, Email - no sender in Technical; Not sure this is the right part to post this... A member of SLT has received an email from someone, ...
  1. #1
    sippo's Avatar
    Join Date
    May 2008
    Location
    Swindon, Wiltshire
    Posts
    1,634
    Thank Post
    126
    Thanked 170 Times in 123 Posts
    Rep Power
    93

    Email - no sender

    Not sure this is the right part to post this...

    A member of SLT has received an email from someone, but the sender of the email is blank- no email address, no name. Nothing. They really need to find out who sent it as the contents were quite abusive. When you click forward or reply no address is present. It is in Outlook 2003, and we are using exchange 2008, if that makes a difference.

    Any idea's?

  2. #2
    Azhibberd's Avatar
    Join Date
    May 2008
    Location
    Newbury,Berkshire
    Posts
    169
    Thank Post
    20
    Thanked 21 Times in 20 Posts
    Rep Power
    16
    Look at the header of the email , what client are you using to view the email? Sounds like its been spoofed.. Unfortunately really easy todo... Normally impossible to trace....

  3. #3
    TheLibrarian
    Guest
    If your smtp server is not set up to require authentication, the sort of thing you are talking about is very easy to do from within your organisations network.

    Can you view the headers of the e-mail? They may give you some clues.

  4. #4

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    240
    Quote Originally Posted by sippo View Post
    Not sure this is the right part to post this...

    A member of SLT has received an email from someone, but the sender of the email is blank- no email address, no name. Nothing. They really need to find out who sent it as the contents were quite abusive. When you click forward or reply no address is present. It is in Outlook 2003, and we are using exchange 2008, if that makes a difference.

    Any idea's?
    Sounds to me like they've changed the reply to email address (quite easy to achieve). Will there be any information in the headers?

    email headers, extract email header, view email header, find email header, copy email header

  5. #5


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,537
    Thank Post
    271
    Thanked 752 Times in 590 Posts
    Rep Power
    218
    Also, cross-reference the sender IP in the headers with your VLE access logs (if it's an external sender). It's not proof, but you may get lucky if there's a VLE login on the same day.

  6. #6
    sippo's Avatar
    Join Date
    May 2008
    Location
    Swindon, Wiltshire
    Posts
    1,634
    Thank Post
    126
    Thanked 170 Times in 123 Posts
    Rep Power
    93
    Looking at the headers it looks as if the address is anonymous@NS35284.ovh.net

    If this is Spam, then how can it put two of members of staff names in?

  7. #7
    Azhibberd's Avatar
    Join Date
    May 2008
    Location
    Newbury,Berkshire
    Posts
    169
    Thank Post
    20
    Thanked 21 Times in 20 Posts
    Rep Power
    16
    Hmm well if your right with it being @NS35284.ovh.net , It doesn't seem to even resolve to an IP address now so its no longer there... :S But ye it could be just spam... But if it seems more personal then maybe its a student who happens to know how to send an email without getting caught!

  8. #8
    sippo's Avatar
    Join Date
    May 2008
    Location
    Swindon, Wiltshire
    Posts
    1,634
    Thank Post
    126
    Thanked 170 Times in 123 Posts
    Rep Power
    93
    Its definately not a student. It's too well written, and as too much detail in it. Someone is upset somewhere...

    Would the email be sent via the web?

  9. #9
    Azhibberd's Avatar
    Join Date
    May 2008
    Location
    Newbury,Berkshire
    Posts
    169
    Thank Post
    20
    Thanked 21 Times in 20 Posts
    Rep Power
    16
    Well if you read the header correctly and if it did come from anonymous@NS35284.ovh.net then yes it did come from the web, But im not sure if thats correct as it doesn't resolve to an ip, any chance you can post the full header of the email just blank the to address ?

  10. #10
    TheLibrarian
    Guest
    Can you sanitise the headers somewhat and then post them here?

  11. #11
    sippo's Avatar
    Join Date
    May 2008
    Location
    Swindon, Wiltshire
    Posts
    1,634
    Thank Post
    126
    Thanked 170 Times in 123 Posts
    Rep Power
    93
    Received: from out01.mx.trendmicro.eu (216.104.20.20) by exchange.FCC.local
    (10.110.33.3) with Microsoft SMTP Server (TLS) id 8.2.254.0; Thu, 21 Oct 2010
    12:52:31 +0100
    Received: from in02.mx.trendmicro.eu (unknown [10.34.88.17]) by
    out01.mx.trendmicro.eu (Postfix) with ESMTP id 8DEB199195C for
    <staff email address>; Thu, 21 Oct 2010 11:53:21 +0000 (UTC)
    Received: from ns352841.ovh.net (unknown [91.121.87.195]) by
    in02.mx.trendmicro.eu (Postfix) with ESMTP id 639A0C8E4AF for
    <staff email address>; Thu, 21 Oct 2010 11:53:20 +0000 (UTC)
    Received: (qmail 9290 invoked by uid 510); 21 Oct 2010 11:48:19 -0000
    Date: Thu, 21 Oct 2010 11:48:19 +0000
    Message-ID: <20101021114819.9289.qmail@ns352841.ovh.net>
    To: <staff email address>
    Subject: staff member
    From:
    Reply-To:
    X-TM-AS-Product-Ver: IMHS-1.0.0.1343-6.5.0.1024-17716.007
    X-TM-AS-Result: No--1.7138-5.0-31-1
    X-TM-AS-Result-Detail: Spam:No-Score:-1.7138-Baseline:ModeratelyHigh-Other:Lowest
    MIME-Version: 1.0
    Content-Type: text/plain
    Return-Path: anonymous@ns352841.ovh.net
    X-MS-Exchange-Organization-SCL: 1

  12. #12

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,707
    Thank Post
    829
    Thanked 2,571 Times in 2,188 Posts
    Blog Entries
    9
    Rep Power
    731
    There looks to be an open relay at 91.121.87.195 that was used to send the message by the looks of it. You can see for yourself by running "telnet 91.121.87.195 25" and using SMTP commands to send a message SMTP Inside Out - How Internet Email Works - About Email

    The way to track who sent the message (IP wise) is to contact that owner of that mail server and get them to pull the logs for this message ID 0101021114819.9289.qmail@ns352841.ovh.net if they keep them and are willing to.

    You can also do this with some mail servers by sending only to BCC recipients but again it still leaves a tracking number in the header that can be tracked by the original accepting server.

  13. #13

    Join Date
    Jul 2012
    Location
    New Zealand
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I don't know if this is still going but I also did recieve one.
    From Sarah Adams Fri Jul 6 09:45:34 2012
    X-Apparently-To:myemail via 98.138.85.160; Fri, 06 Jul 2012 09:45:38 -0700
    Return-Path: <anonymous@ns302401.ovh.net>
    Received-SPF: none (domain of ns302401.ovh.net does not designate permitted sender hosts)

SHARE:
+ Post New Thread

Similar Threads

  1. Sender Verification in Exchange 2003?
    By flashsnaps in forum Windows
    Replies: 3
    Last Post: 18th October 2009, 10:28 AM
  2. moodle email updation and email notification
    By monali in forum Virtual Learning Platforms
    Replies: 0
    Last Post: 3rd October 2009, 09:51 AM
  3. Have email come from distribution list email addy
    By -Jim in forum Windows Server 2000/2003
    Replies: 5
    Last Post: 31st March 2009, 10:04 PM
  4. A simple jabber cli message sender?
    By localzuk in forum Windows
    Replies: 2
    Last Post: 22nd May 2007, 12:55 PM
  5. tracing sender of hotmail message
    By beeswax in forum How do you do....it?
    Replies: 8
    Last Post: 30th November 2006, 09:33 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •