Email - no sender
Not sure this is the right part to post this...
A member of SLT has received an email from someone, but the sender of the email is blank - no email address, no name. Nothing. They really need to find out who sent it as the contents were quite abusive. When you click forward or reply no address is present. It is in Outlook 2003, and we are using Exchange 2008, if that makes a difference.
Look at the header of the email, what client are you using to view the email? Sounds like it's been spoofed.. Unfortunately really easy to do... Normally impossible to trace....
If your SMTP server is not set up to require authentication, the sort of thing you are talking about is very easy to do from within your organisation's network.
Can you view the headers of the e-mail? They may give you some clues.
Sounds to me like they've changed the reply-to email address (quite easy to achieve). Will there be any information in the headers?
Originally Posted by sippo
email headers, extract email header, view email header, find email header, copy email header
Also, cross-reference the sender IP in the headers with your VLE access logs (if it's an external sender). It's not proof, but you may get lucky if there's a VLE login on the same day.
Looking at the headers it looks as if the address is anonymous@NS35284.ovh.net
If this is spam, then how can it put two members of staff's names in?
Hmm well if you're right with it being @NS35284.ovh.net, it doesn't seem to even resolve to an IP address now so it's no longer there... :S But ye it could be just spam... But if it seems more personal then maybe it's a student who happens to know how to send an email without getting caught!
It's definitely not a student. It's too well written, and has too much detail in it. Someone is upset somewhere...
Would the email be sent via the web?
Well if you read the header correctly and if it did come from anonymous@NS35284.ovh.net then yes it did come from the web, but I'm not sure if that's correct as it doesn't resolve to an IP. Any chance you can post the full header of the email, just blank the to address?
Can you sanitise the headers somewhat and then post them here?
Received: from out01.mx.trendmicro.eu (188.8.131.52) by exchange.FCC.local
(10.110.33.3) with Microsoft SMTP Server (TLS) id 184.108.40.206; Thu, 21 Oct 2010
Received: from in02.mx.trendmicro.eu (unknown [10.34.88.17]) by
out01.mx.trendmicro.eu (Postfix) with ESMTP id 8DEB199195C for
<staff email address>; Thu, 21 Oct 2010 11:53:21 +0000 (UTC)
Received: from ns352841.ovh.net (unknown [220.127.116.11]) by
in02.mx.trendmicro.eu (Postfix) with ESMTP id 639A0C8E4AF for
<staff email address>; Thu, 21 Oct 2010 11:53:20 +0000 (UTC)
Received: (qmail 9290 invoked by uid 510); 21 Oct 2010 11:48:19 -0000
Date: Thu, 21 Oct 2010 11:48:19 +0000
To: <staff email address>
Subject: staff member
There looks to be an open relay at 18.104.22.168 that was used to send the message by the looks of it. You can see for yourself by running "telnet 22.214.171.124 25" and using SMTP commands to send a message: SMTP Inside Out - How Internet Email Works - About Email
The way to track who sent the message (IP wise) is to contact the owner of that mail server and get them to pull the logs for this message ID email@example.com if they keep them and are willing to.
You can also do this with some mail servers by sending only to BCC recipients but again it still leaves a tracking number in the header that can be tracked by the original accepting server.
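An added example, not part of any post in this thread: a small Python parser that walks the Received chain oldest-first and picks out the first hop stamped by a server you control, since that hop's connecting IP and queue ID are the values worth taking to a provider's log request. The sample headers, hostnames, documentation-range IPs, queue IDs and the trusted-suffix list are all constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample in the same layout as the headers posted in the thread.
# Hosts, IPs (documentation ranges) and queue IDs are placeholders.
SAMPLE = """\
Received: from out01.filter.example (198.51.100.10) by exchange.school.example
 (10.0.0.3) with Microsoft SMTP Server (TLS); Thu, 21 Oct 2010 11:53:25 +0000
Received: from in02.filter.example (unknown [10.34.88.17]) by
 out01.filter.example (Postfix) with ESMTP id QID0002 for
 <staff@school.example>; Thu, 21 Oct 2010 11:53:21 +0000 (UTC)
Received: from host.provider.example (unknown [192.0.2.44]) by
 in02.filter.example (Postfix) with ESMTP id QID0001 for
 <staff@school.example>; Thu, 21 Oct 2010 11:53:20 +0000 (UTC)
Received: (qmail 9290 invoked by uid 510); 21 Oct 2010 11:48:19 -0000
Subject: staff member
"""

HOP = re.compile(r"from (?P<helo>\S+) \((?:[^\[\)]*\[)?(?P<ip>[0-9A-Fa-f:.]+)\]?\)"
                 r" by (?P<by>\S+)")
QID = re.compile(r"\bid ([^\s;]+)")

def parse_hops(raw):
    """Return Received hops oldest-first as dicts with helo, ip, by, qid."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())      # undo header folding
        m = HOP.search(flat)
        if not m:                           # e.g. qmail's local "invoked by uid" line
            continue
        q = QID.search(flat)
        hops.append({**m.groupdict(), "qid": q.group(1) if q else None})
    return hops

def first_trusted_hop(hops, trusted_suffixes):
    """Oldest hop stamped by a server you trust. Everything older was written
    by the sending side and can be forged; this hop's ip is the peer your
    own infrastructure actually saw connect."""
    for hop in hops:
        if hop["by"].lower().endswith(tuple(trusted_suffixes)):
            return hop
    return None

if __name__ == "__main__":
    edge = first_trusted_hop(parse_hops(SAMPLE), (".filter.example", ".school.example"))
    print(f"connecting IP {edge['ip']} (claimed {edge['helo']}), "
          f"accepted by {edge['by']} as queue id {edge['qid']}")
```

The trusted suffixes should list only your own mail server and your filtering provider; any hop recorded by a host outside that list is unverified.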
I don't know if this is still going but I also did receive one.
From Sarah Adams Fri Jul 6 09:45:34 2012
X-Apparently-To:myemail via 126.96.36.199; Fri, 06 Jul 2012 09:45:38 -0700
Received-SPF: none (domain of ns302401.ovh.net does not designate permitted sender hosts)