Receiving phishing/spam from known address names and localhost


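We are using SmarterMail 11.2 and are receiving spam from senders in our address book (name only, different email). In the headers, I see "Received: from localhost" and other suspicious things. In the past, this could have been a compromised email account, but we have changed passwords and don't believe that is the case here.

Note: the "[NAME FROM MY ADDRESS BOOK]" display name is one I know, but the email address is not.

Example: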

Return-Path: <[email protected]>
Received: from lead.intertech.net (Lead.intertech.net [24.223.0.82]) by dns19.tntsupport.net with SMTP;
   Mon, 13 May 2013 10:09:39 -0500
Received: from localhost (lead.intertech.net [127.0.0.1])
    by lead.intertech.net (interTECH) with ESMTP id 8668663E92B
    for <MY EMAIL ADDRESS>; Mon, 13 May 2013 09:02:18 -0600 (MDT)
X-Virus-Scanned: amavisd-new at lead.intertech.net
Received: from lead.intertech.net ([127.0.0.1])
    by localhost (lead.intertech.net [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id Di0eiZ8JSOQr for <MY EMAIL ADDRESS>;
    Mon, 13 May 2013 09:02:17 -0600 (MDT)
Received: from localhost (unknown [112.208.70.163])
    by lead.intertech.net (interTECH) with ESMTPSA id 835F063E8F6
    for <MY EMAIL ADDRESS>; Mon, 13 May 2013 09:02:14 -0600 (MDT)
From: [NAME FROM MY ADDRESS BOOK] <[email protected]>
Reply-To: [NAME FROM MY ADDRESS BOOK] <[email protected]>
Subject: Fwd: for [MY FIRST NAME]
To: <MY EMAIL ADDRESS>
MIME-Version: 1.0
Date: Mon, 13 May 2013 08:02:46 -0800 (PST)
Content-Type: text/plain; charset=us-ascii
Message-Id: <[email protected]>
X-SmarterMail-Spam: Commtouch 0 [value: Unknown], SPF_Pass, DK_None, DKIM_None, Custom Rules [], HostKarma - Whitelist
X-CTCH-RefId: str=0001.0A010209.5191025B.003C:SCFSTAT14621567,ss=1,re=-4.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
X-SmarterMail-TotalSpamWeight: 0

hey. what do you think about this? http://www.35lezarts.fr/advertisingbunchbriangordon/


Sent from my iPhone

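Answer 1

You don't have to trust anything in the Received: headers apart from the ones that correspond to mail servers in direct contact with your mail server. These are easily forged. However, the ones added by your own server are indeed authentic enough.

Reading this, I would trust that the valid Received: header corresponding to the mail received by your mail server is this one: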

Received: from lead.intertech.net (Lead.intertech.net [24.223.0.82]) by dns19.tntsupport.net with SMTP;
    Mon, 13 May 2013 10:09:39 -0500

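Since the abuse contact listed for 24.223.0.82 is [email protected], and it appears to be PI address space, I would suggest simply blacklisting them, unless you actually know who this company is. In that case, you should call them and find the right person to yell at.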
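
The rule from the answer, as an added example that is not part of the original post: the Python below walks the Received: chain from the question top-down and separates the header written by the receiving server from the ones the sender could have supplied. The function names and the my_mtas/my_ips parameters are assumptions made for this illustration, and dns19.tntsupport.net is taken to be the asker's own server, as the answer does.

```python
import email
import re

# Received: chain copied from the question above; the newest header is on top.
RAW = """\
Received: from lead.intertech.net (Lead.intertech.net [24.223.0.82]) by dns19.tntsupport.net with SMTP;
   Mon, 13 May 2013 10:09:39 -0500
Received: from localhost (lead.intertech.net [127.0.0.1])
    by lead.intertech.net (interTECH) with ESMTP id 8668663E92B
    for <MY EMAIL ADDRESS>; Mon, 13 May 2013 09:02:18 -0600 (MDT)
Received: from lead.intertech.net ([127.0.0.1])
    by localhost (lead.intertech.net [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id Di0eiZ8JSOQr for <MY EMAIL ADDRESS>;
    Mon, 13 May 2013 09:02:17 -0600 (MDT)
Received: from localhost (unknown [112.208.70.163])
    by lead.intertech.net (interTECH) with ESMTPSA id 835F063E8F6
    for <MY EMAIL ADDRESS>; Mon, 13 May 2013 09:02:14 -0600 (MDT)
"""

HOP_RE = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def parse_hop(value):
    """Parse one Received: value into HELO name, peer IP and recording host."""
    text = " ".join(value.split())  # unfold continuation lines
    m = HOP_RE.search(text)
    if not m:
        return None
    ip = IP_RE.search(m.group(2))
    return {"helo": m.group(1), "peer_ip": ip.group(1) if ip else None,
            "by": m.group(3).lower()}

def trust_boundary(raw, my_mtas, my_ips=frozenset()):
    """Return (boundary_hop, untrusted_hops); my_mtas holds lowercase hostnames."""
    hops = [parse_hop(v) for v in email.message_from_string(raw).get_all("Received", [])]
    for i, hop in enumerate(hops):
        # A header counts only if one of our own MTAs wrote it.
        if hop is None or hop["by"] not in my_mtas:
            return None, hops[i:]
        # Descend further only while the peer is ours too (internal relay).
        if hop["peer_ip"] not in my_ips:
            return hop, hops[i + 1:]   # first external peer: the boundary
    return None, []

boundary, untrusted = trust_boundary(RAW, {"dns19.tntsupport.net"})
print("trusted peer:", boundary["peer_ip"])
print("sender-supplied hops:", [(h["helo"], h["peer_ip"]) for h in untrusted])
```

Only the boundary hop's peer IP is a sound basis for a block rule or an abuse report; the addresses in the lower hops are whatever the connecting host chose to write.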
