21st October 2010, 02:33 PM #1
Email - no sender
Not sure this is the right part to post this...
A member of SLT has received an email from someone, but the sender of the email is blank - no email address, no name. Nothing. They really need to find out who sent it as the contents were quite abusive. When you click forward or reply no address is present. It is in Outlook 2003, and we are using Exchange 2008, if that makes a difference.
21st October 2010, 02:35 PM #2
Look at the header of the email; what client are you using to view the email? Sounds like it's been spoofed... Unfortunately really easy to do... Normally impossible to trace...
21st October 2010, 02:36 PM #3
If your SMTP server is not set up to require authentication, the sort of thing you are talking about is very easy to do from within your organisation's network.
Can you view the headers of the e-mail? They may give you some clues.
21st October 2010, 02:37 PM #4
Sounds to me like they've changed the reply to email address (quite easy to achieve). Will there be any information in the headers?
Originally Posted by sippo
email headers, extract email header, view email header, find email header, copy email header
21st October 2010, 02:42 PM #5
Also, cross-reference the sender IP in the headers with your VLE access logs (if it's an external sender). It's not proof, but you may get lucky if there's a VLE login on the same day.
21st October 2010, 02:56 PM #6
Looking at the headers it looks as if the address is anonymous@NS35284.ovh.net
If this is spam, then how can it put two members of staff's names in?
21st October 2010, 03:21 PM #7
Hmm, well if you're right with it being @NS35284.ovh.net, it doesn't seem to even resolve to an IP address now so it's no longer there... :S But ye it could be just spam... But if it seems more personal then maybe it's a student who happens to know how to send an email without getting caught!
21st October 2010, 04:21 PM #8
It's definitely not a student. It's too well written, and has too much detail in it. Someone is upset somewhere...
Would the email be sent via the web?
21st October 2010, 04:24 PM #9
Well if you read the header correctly and if it did come from anonymous@NS35284.ovh.net then yes it did come from the web, but I'm not sure if that's correct as it doesn't resolve to an IP. Any chance you can post the full header of the email, just blank the to address?
21st October 2010, 04:27 PM #10
Can you sanitise the headers somewhat and then post them here?
22nd October 2010, 09:33 AM #11
Received: from out01.mx.trendmicro.eu (126.96.36.199) by exchange.FCC.local
(10.110.33.3) with Microsoft SMTP Server (TLS) id 188.8.131.52; Thu, 21 Oct 2010
Received: from in02.mx.trendmicro.eu (unknown [10.34.88.17]) by
out01.mx.trendmicro.eu (Postfix) with ESMTP id 8DEB199195C for
<staff email address>; Thu, 21 Oct 2010 11:53:21 +0000 (UTC)
Received: from ns352841.ovh.net (unknown [184.108.40.206]) by
in02.mx.trendmicro.eu (Postfix) with ESMTP id 639A0C8E4AF for
<staff email address>; Thu, 21 Oct 2010 11:53:20 +0000 (UTC)
Received: (qmail 9290 invoked by uid 510); 21 Oct 2010 11:48:19 -0000
Date: Thu, 21 Oct 2010 11:48:19 +0000
To: <staff email address>
Subject: staff member
22nd October 2010, 10:44 AM #12
There looks to be an open relay at 220.127.116.11 that was used to send the message by the looks of it. You can see for yourself by running "telnet 18.104.22.168 25" and using SMTP commands to send a message: SMTP Inside Out - How Internet Email Works - About Email
The way to track who sent the message (IP wise) is to contact the owner of that mail server and get them to pull the logs for this message ID firstname.lastname@example.org if they keep them and are willing to.
You can also do this with some mail servers by sending only to BCC recipients but again it still leaves a tracking number in the header that can be tracked by the original accepting server.
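Added example, not part of any post in this thread: Python that walks the Received lines from post #11 and picks out the handoff recorded by the last relay you trust, which gives the IP and timestamp to pass to the server owner as suggested in #12. The TRUSTED list and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string

# Header block from post #11, values as posted; continuation lines are
# re-indented here so the parser sees them as folded headers.
RAW = """\
Received: from out01.mx.trendmicro.eu (126.96.36.199) by exchange.FCC.local
 (10.110.33.3) with Microsoft SMTP Server (TLS) id 188.8.131.52; Thu, 21 Oct 2010
Received: from in02.mx.trendmicro.eu (unknown [10.34.88.17]) by
 out01.mx.trendmicro.eu (Postfix) with ESMTP id 8DEB199195C for
 <staff email address>; Thu, 21 Oct 2010 11:53:21 +0000 (UTC)
Received: from ns352841.ovh.net (unknown [184.108.40.206]) by
 in02.mx.trendmicro.eu (Postfix) with ESMTP id 639A0C8E4AF for
 <staff email address>; Thu, 21 Oct 2010 11:53:20 +0000 (UTC)
Received: (qmail 9290 invoked by uid 510); 21 Oct 2010 11:48:19 -0000
Date: Thu, 21 Oct 2010 11:48:19 +0000
To: <staff email address>
Subject: staff member
"""
# Assumption: only these relays (the local Exchange server and the filtering
# service) are trusted to have written truthful Received lines.
TRUSTED = ("exchange.fcc.local", ".mx.trendmicro.eu")
SMTP_HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\)"
    r"\s+by\s+(?P<by>\S+)")
QMAIL = re.compile(r"\(qmail (?P<pid>\d+) invoked by uid (?P<uid>\d+)\)")

def hops(raw):
    """Parse Received headers, newest first (the order they appear in)."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        line = " ".join(value.split())  # unfold continuation lines
        stamp = line.rsplit(";", 1)[-1].strip()
        m = SMTP_HOP.search(line) or QMAIL.search(line)
        kind = "unparsed" if not m else "smtp" if "by" in m.groupdict() else "local"
        out.append({"kind": kind, "stamp": stamp, **(m.groupdict() if m else {})})
    return out

def trust_boundary(hop_list):
    """Lowest hop written by a trusted relay: what it saw is the real handoff.
    Headers below it came from the sending host and are only claims."""
    boundary = None
    for hop in hop_list:
        if hop["kind"] != "smtp" or not hop["by"].lower().endswith(TRUSTED):
            break
        boundary = hop
    return boundary
```

The name the trusted relay recorded is ns352841.ovh.net, which differs by one digit from the NS35284.ovh.net quoted earlier in the thread.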
7th July 2012, 05:47 AM #13
I don't know if this is still going but I also did receive one.
From Sarah Adams Fri Jul 6 09:45:34 2012
X-Apparently-To:myemail via 22.214.171.124; Fri, 06 Jul 2012 09:45:38 -0700
Received-SPF: none (domain of ns302401.ovh.net does not designate permitted sender hosts)