Forged Sender

Discussion in 'Email Discussions' started by nic1027, Nov 21, 2010.

  1. nic1027

    nic1027 New Email

    Joined: Nov 21, 2010
    Messages: 2
    Likes Received: 0

    Help!

    Someone I know who is a frequent email contact of mine had to have forged an email "sent" from me to him. I don't want to get into the specifics of why this person would do this, but I absolutely did not send the email in question; my account was not hacked; and after comparing the header of the email in question to others that I've sent, it looks like nothing I've ever seen. Also, there are no other suspicious emails in my account, not even spam messages.

    Please note - the email header in question DOES contain my IP address - which I found to be completely trackable, all the way down to the name of my cable provider and my zip code.

    Would someone be willing to look at the header and try and help me determine at least that I DID NOT send this email?

    If so, please let me know and I will gladly post it.

    Kind Regards,

    Cathleen
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Joined: Aug 12, 2008
    Messages: 8,997
    Likes Received: 120

    Hi Cathleen,

    Sure, no problem. Please feel free to post the full email headers from both an email you sent and from an email that you suspect was forged.

    Welcome to Email Questions!
     

  3. nic1027

    Hi,

    Thank you for responding! First I will post a normal header from an email I sent to the same person. I deleted the content of the message - only included the header:

    MIME-Version: 1.0
    Received: by 10.216.181.21 with HTTP; Thu, 18 Nov 2010 11:07:47 -0800 (PST)
    Date: Thu, 18 Nov 2010 14:07:47 -0500
    Delivered-To: cathleencouch@gmail.com
    Message-ID: <AANLkTi=mW+FmApArijF+gv2U0ZKzJh8=6j9Mq4hhtTb+@mail.gmail.com>
    Subject: Professional Misconduct
    From: Cathleen Couch <cathleencouch@gmail.com>
    To: Ben Berlin <Ben@benberlinlaw.com>
    Content-Type: multipart/alternative; boundary=0016e6dbdf5b68bf4004955881cb

    --0016e6dbdf5b68bf4004955881cb
    Content-Type: text/plain; charset=ISO-8859-1

    Next I will post the header from the suspicious email - please note that I suspect the "recipient" to be the actual sender and also note that the IP address and system info following the "Received From" line is actually MY information! When every other single email I've ever sent says "received by" and contains the recipient's info? Also, after going through over a hundred emails I've sent, not one header starts with "return path" and has my gmail address. OK, header of suspicious email is below: Thanks!

    Return-Path: <cathleencouch@gmail.com>
    Received: from acere817fae0d8 (cpe-68-173-51-63.nyc.res.rr.com [68.173.51.63])
        by mx.google.com with ESMTPS id x9sm2790213qco.46.2010.11.06.12.19.43
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Sat, 06 Nov 2010 12:19:44 -0700 (PDT)
    From: "Cathleen Couch" <cathleencouch@gmail.com>
    To: "'Ben Berlin'" <Ben@benberlinlaw.com>
    In-Reply-To: <!&!AAAAAAAAAAAYAAAAAAAAAFFFcrdFMBhGlQtn16qx2xLCgAAAEAAAAFtPf9LHBhpFiaQ5b+ZMvVIBAAAAAA==@benberlinlaw.com>
    Subject: Not read: Couch Morfit visitation - Tomorrow and going forward.
    Date: Sat, 6 Nov 2010 15:19:35 -0400
    Message-ID: <000a01cb7de7$8edac350$ac9049f0$@com>
    MIME-Version: 1.0
    Content-Type: multipart/report;
        report-type=disposition-notification;
        boundary="----=_NextPart_000_000B_01CB7DC6.07C92350"
    X-Priority: 1 (Highest)
    X-MSMail-Priority: High
    X-Mailer: Microsoft Office Outlook 12.0
    Importance: High
    Thread-Index: ActZ+E0w35Xi7LTrQZujZT5rsQ89eQj7z1/k

    This is a multipart message in MIME format.

    ------=_NextPart_000_000B_01CB7DC6.07C92350
    Content-Type: multipart/alternative;
        boundary="----=_NextPart_001_000C_01CB7DC6.07C92350"


    ------=_NextPart_001_000C_01CB7DC6.07C92350
    Content-Type: text/plain;
        charset="iso-8859-1"
    Content-Transfer-Encoding: 7bit

    Your message

    To: 'Maria Coffinas'; 'tonydefender'
    Subject: Couch Morfit visitation - Tomorrow and going forward.
    Sent: 9/21/2010 9:48 PM

    was deleted on 11/6/2010 3:19 PM.
     
  4. popowich

    What is the source of the email headers?

    The headers say that an email was received by Gmail from your IP address.

    It is very odd that your Time Warner connection would be used to send an email directly to Gmail.

    I would expect you to be sending an email through the road runner smtp relays such as smtp-server.nyc.rr.com

    What is your SMTP server setting? Do you use Gmail or Time Warner for sending email?

    Also, their domain does not appear to be hosted by anything related to Google, but hosted by Network Solutions:

    ;; ANSWER SECTION:
    benberlinlaw.com. 7200 IN MX 10 inbound.benberlinlaw.com.netsolmail.net.

    ;; ANSWER SECTION:
    7.149.178.205.in-addr.arpa. 36000 IN PTR mail.networksolutionsemail.com.

    I agree that something does not seem right here.

    Remember, you can only trust the email headers created by a mail server that you control.
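
Added example, not part of the original thread: a small Python script that pulls apart the topmost Received line of the two headers posted above and lists where they differ, keeping the fields stamped by the receiving server separate from the ones the sending software supplies. The names `describe`, `differences` and `RECEIVED` are this example's own, and the header text is copied (trimmed) from the posts.

```python
import re
from email import message_from_string

# Header fields copied from the two messages posted in the thread (trimmed).
NORMAL = """\
Received: by 10.216.181.21 with HTTP; Thu, 18 Nov 2010 11:07:47 -0800 (PST)
Message-ID: <AANLkTi=mW+FmApArijF+gv2U0ZKzJh8=6j9Mq4hhtTb+@mail.gmail.com>
"""
SUSPECT = """\
Received: from acere817fae0d8 (cpe-68-173-51-63.nyc.res.rr.com [68.173.51.63])
 by mx.google.com with ESMTPS id x9sm2790213qco.46.2010.11.06.12.19.43
 (version=TLSv1/SSLv3 cipher=RC4-MD5);
 Sat, 06 Nov 2010 12:19:44 -0700 (PDT)
Message-ID: <000a01cb7de7$8edac350$ac9049f0$@com>
X-Mailer: Microsoft Office Outlook 12.0
"""

# The "from <helo> (<rdns> [<ip>])" clause is optional: the first header has none.
RECEIVED = re.compile(
    r"(?:from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)\s+)?"
    r"by\s+(?P<by>\S+)\s+with\s+(?P<proto>[A-Za-z0-9]+)"
)

def describe(raw):
    """Summarise how a message was handed to the first server that stamped it."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    m = RECEIVED.match(hops[0]) if hops else None
    stamped = m.groupdict() if m else {}
    mid = msg.get("Message-ID", "")
    return {
        # Written by the receiving server (trustworthy only if you control it).
        "stamped_by": stamped.get("by"),
        "protocol": stamped.get("proto"),
        "client_ip": stamped.get("ip"),
        "client_helo": stamped.get("helo"),
        # Written by the sending software; anyone can set these to anything.
        "claimed_mailer": msg.get("X-Mailer"),
        "claimed_msgid_domain": mid.rsplit("@", 1)[-1].rstrip(">") if "@" in mid else None,
    }

def differences(a, b):
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    for field, pair in differences(describe(NORMAL), describe(SUSPECT)).items():
        print(f"{field:22} normal={pair[0]!r}  suspect={pair[1]!r}")
```

The differing fields reflect how each message was handed over (`with HTTP` and no `from` clause for the first, `with ESMTPS` from a connecting client for the second), which is what the question about the SMTP server setting is getting at. The `X-Mailer` and Message-ID values are supplied by the sender and carry no weight on their own.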
     
