[Hidden-tech] Can anyone explain what is going on here and what I should do about it?

Shel Horowitz shel at shelhorowitz.com
Sat Mar 23 11:33:13 UTC 2019


I just got another one with a visual (spam) ad attached. It shows the
origination address:

---------- Forwarded message ----------
From: Fat Burning Keto <email at myip83.megadealio.download>
To: shel at mail9.mywordapps.site

And following Eli's suggestion, I was able to get the full header. Pasting
it below, and then I'll go back and find one of the earlier ones and paste
it into a different message. I notice that both NDNs were delivered to my
Gmail address (which I never give out, although sometimes real replies go
to it) but referenced shel at shelhorowitz.com in the headers.

Delivered-To: shelhoro at gmail.com

Received: by 2002:a02:9867:0:0:0:0:0 with SMTP id x36csp1565547jaj;
        Fri, 22 Mar 2019 21:39:06 -0700 (PDT)
X-Google-Smtp-Source:
APXvYqyC4rw9gwX7Id2fYS+G2mx8DQq1nUASIoRsFq62JqYo+cV1Jdhxn0X9FnNornD1GF1KJ00zPf2OiSU=
X-Received: by 2002:a02:b46c:: with SMTP id w41mr9284024jaj.83.1553315945961;
        Fri, 22 Mar 2019 21:39:05 -0700 (PDT)
Authentication-Results: mx.google.com;
       spf=permerror (google.com: permanent error in processing during
lookup of postmaster: );
       dkim=pass header.i=@googlemail.com header.s=20161025 header.b="ZlV3oL/q"
Received-SPF: permerror (google.com: permanent error in processing
during lookup of postmaster: ) client-ip=209.85.221.67;
Received: by 2002:a6b:5a0d:: with POP3 id o13mf9773533iob.9;
        Fri, 22 Mar 2019 21:39:05 -0700 (PDT)
X-Gmail-Fetch-Info: shel at shelhorowitz.com 3 mail.shelhorowitz.com 110
shel at shelhorowitz.com
Return-Path: <>
Delivered-To: shel at shelhorowitz.com
Received: from gator3323.hostgator.com by gator3323.hostgator.com with
LMTP id aL9dL/6zlVwz1wgATgj41w for <shel at shelhorowitz.com>; Fri, 22
Mar 2019 23:20:14 -0500
Return-path: <>
Envelope-to: shel at shelhorowitz.com
Delivery-date: Fri, 22 Mar 2019 23:20:14 -0500
Received: from mail-wr1-f67.google.com ([209.85.221.67]:42939) by
gator3323.hostgator.com with esmtps
(TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) id
1h7Y8k-002TIs-EV for shel at shelhorowitz.com; Fri, 22 Mar 2019 23:20:14
-0500
Received: by mail-wr1-f67.google.com with SMTP id g3so884291wrx.9
        for <shel at shelhorowitz.com>; Fri, 22 Mar 2019 21:20:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20161025;
        h=from:to:auto-submitted:subject:references:in-reply-to:message-id
         :date;
        bh=a0G1FZcDvupL2UAFzBatCkbDstTfgJpdAr2VXPft0FM=;
        b=ZlV3oL/q9UbJobDV1qm1dz3u7nq0ThBvZhHeiO1UPTuR0HTuukeQkWGlrudwf/JCP9
         ENHLE56SbOG0v5Nv1upMaXFO99RnfQZuOdbmONPJuijtwrNcgPCLv+JNpW1T86RasKML
         0HyyVIFDl7Kc9BPV5HfKPp3fK2Kzc5QyJ8EORhpUIB1jFLYA1n4XGYVpjh2UrQUhEDg9
         7D3pvKXJliX2kB52BCI09otD9byNj95MmEY+c9d7a2wxk6i4fHXslCU30TrxHPA2w0Ai
         d/q+lwrNqt5d3s7OIshGl9wxo3MFf1eirV9vpCYVk6mamIDVSkNSnKAOOPGmZTF3230R
         2kWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:auto-submitted:subject:references
         :in-reply-to:message-id:date;
        bh=a0G1FZcDvupL2UAFzBatCkbDstTfgJpdAr2VXPft0FM=;
        b=AMJ5yFWo4lmgZ65CQmvWzGaeXTJSct1NDwwNBetvcI/ytQnIW9t/gV568I9y/XZ4zC
         9dOlMQtAxtI6UxrFzWpaGHLk+hR5RAdSNrhAOXrf8ZGfCYCFuX3OiNYsHlsfhpVw2Scs
         a+hXRANaMcYyA0QmoL9ctmzZ98diNo1XikCI9O6xfxTnlWoq0m+K3y5+FXDjr9L4UNli
         ReMxJtO5xMDysYlmwZdbgZyeBLq9Kz2BS2MHrxPsdRdp/WDcmtSXP3Xl0JphKwubLr/o
         dZagu7oDX7BiaxATdAUIbOYBhEMcyIPcDz13QwPggx2DRGCaOhajEb8D5FkorPaV4lzK
         G/Pw==
X-Gm-Message-State:
APjAAAUZXXCcAC8p6G5WSkFL9mQPrFivsT3xH0z+gBF+IJtCLlxbQHvL
wTR5gV8IHjbudsmqjtS8jVxAW/elDZn3N0OOJ80ZBw==
X-Received: by 2002:adf:de8d:: with SMTP id w13mr8338646wrl.26.1553314801725;
        Fri, 22 Mar 2019 21:20:01 -0700 (PDT)
Content-Type: multipart/report;
boundary="000000000000fb2c460584bb4878"; report-type=delivery-status
Received: by 2002:adf:de8d:: with SMTP id w13mr6777161wrl.26; Fri, 22
Mar 2019 21:20:01 -0700 (PDT)
From: Mail Delivery Subsystem <mailer-daemon at googlemail.com>
To: shel at shelhorowitz.com
Auto-Submitted: auto-replied
Subject: Delivery Status Notification (Failure)
References: <ed3e8cbc-2353-7608-30b5-2f5683a4c0d3 at shelhorowitz.com>
In-Reply-To: <ed3e8cbc-2353-7608-30b5-2f5683a4c0d3 at shelhorowitz.com>
X-Failed-Recipients: shel at yahoo.com
Message-ID: <5c95b3f1.1c69fb81.d76b3.e816.GMR at mx.google.com>
Date: Fri, 22 Mar 2019 21:20:01 -0700 (PDT)

--000000000000fb2c460584bb4878
Content-Type: multipart/related; boundary="000000000000fb2d210584bb487c"

--000000000000fb2d210584bb487c
Content-Type: multipart/alternative; boundary="000000000000fb2d270584bb487d"

--000000000000fb2d270584bb487d
Content-Type: text/plain; charset="UTF-8"


** Message not delivered **

There was a problem delivering your message to shel at yahoo.com. See the
technical details below, or try resending in a few minutes.



The response from the remote server was:
554 delivery error: dd Requested mail action aborted -
mta4015.mail.gq1.yahoo.com

AND HERE IS THE SECOND HEADER






Shel Horowitz - "The Transformpreneur"(sm)
________________________________________________
Watch (and please share) my TEDx Talk,
"Impossible is a Dare: Business for a Better World"
*http://www.ted.com/tedx/events/11809
<http://www.ted.com/tedx/events/11809>*

Contact me to bake in profitability while addressing hunger,
poverty, war, and catastrophic climate change

Twitter: @shelhorowitz

* First business ever to be Green America Gold Certified
* Inducted into the National Environmental Hall of Fame

http://goingbeyondsustainability.com
http://transformpreneur.com
mailto:shel at greenandprofitable.com * 413-586-2388
Award-winning, best-selling author of 10 books. Latest:
Guerrilla Marketing to Heal the World (co-authored with Jay Conrad Levinson)

_________________________________________________


On Wed, Mar 20, 2019 at 2:09 PM Elijah Gwynn <eli at egwynn.com> wrote:

> Shel, the header from the automated bounce message might still indicate
> which mail system decided the bounce message should go to you and,
> potentially, by what means it made that decision.
>
> If you follow the steps here
> <https://support.google.com/mail/answer/29436?hl=en> you should be able
> to get some more headers to paste to us.
>
> Eli
>
> On 20 Mar 2019, at 13:31, Shel Horowitz via Hidden-discuss wrote:
>
> No human being sent this. Pretty sure it was a bot and I didn't recognize
> any of the addresses mentioned. I got four or five of those messages.
>
>
>
> On Wed, Mar 20, 2019 at 1:15 PM Michael Muller <tech at montaguewebworks.com>
> wrote:
>
>> Shel,
>>
>> So... someone forwarded you the bounced email? Do you know this person?
>>
>> If the answer to both questions is yes, then one theory is the original
>> email was sent ...
>>
>>    - *From:* "Shel Horowitz" <friend at myip92.asyncjs.date>
>>    <friend at myip92.asyncjs.date>
>>
>> ... and the person who owns the friend at myip92.asyncjs.date email address
>> received a bunch of bounces, and saw your name associated with the original
>> email and forwarded it to you wondering why they were getting a bunch of
>> bounces.
>>
>> Sometimes this stuff is so difficult to trace.
>>
>> Mik
>>
>> ---
>> Mik Muller, president
>> Montague WebWorks
>> 50 Miles Street, Greenfield, MA
>> 413-320-5336 http://MontagueWebWorks.com
>> Powered by ROCKETFUSION
>>
>> On 3/20/2019 12:54 PM, Shel Horowitz wrote:
>>
>> Rob, I have Gmail. Mik, this is all I can get resembling a header, since
>> it came as a forward:
>>
>> The response was:
>>
>> The email account that you tried to reach is disabled. Learn more at
>> https://support.google.com/mail/?p=DisabledUser v2sor1434906wrw.17 -
>> gsmtp
>>
>>
>>
>> ---------- Forwarded message ----------
>> From: friend at myip92.asyncjs.date
>> To: discuss at alias18.per2domain.live
>> Cc:
>> Bcc:
>> Date: Tue, 19 Mar 2019 12:04:13 +0000
>> Subject:
>> Sed et ut
>>
>>
>> On Wed, Mar 20, 2019 at 11:51 AM Rob Laporte <rob at 2disc.com> wrote:
>>
>>> Hi Shel and All,
>>>
>>> My firm has been getting a dribbling of these same types of emails for a
>>> few weeks now, and we use Microsoft hosted email, so wonder if they are
>>> being hacked. Shel, what is your email service? We're investigating this
>>> problem today or tomorrow, and I'll share what we find.
>>>
>>> Best Regards,
>>>
>>>
>>> Rob Laporte| SEO Specialist, CEO
>>>
>>> DISC, Inc. - Making Websites Make Money
>>>
>>> 413-584-6500
>>>
>>> rob at 2disc.com
>>>
>>> www.2disc.com
>>>
>>> *NOTE:* Emails can be blocked by spam filters throughout the web. If
>>> you don’t get a reply within an expected span of time, please call.
>>>
>>> ------------------------------
>>> *From:* Hidden-discuss <hidden-discuss-bounces at lists.hidden-tech.net>
>>> on behalf of Shel Horowitz via Hidden-discuss <
>>> hidden-discuss at lists.hidden-tech.net>
>>> *Sent:* Wednesday, March 20, 2019 9:23 AM
>>> *To:* Hidden-Tech Tech
>>> *Subject:* [Hidden-tech] Can anyone explain what is going on here and
>>> what I should do about it?
>>>
>>>
>>> Below is a forwarded non-delivery message to an address I've never heard
>>> of and seemingly in response to something sent by someone I've never heard
>>> of. I don't see that they are spoofing my email address. Can anyone explain
>>> why I am getting these and if I need to do anything? I got a bunch of them
>>> today.
>>>
>>> ---------- Forwarded message ---------
>>> From: *Mail Delivery Subsystem* <mailer-daemon at googlemail.com>
>>> Date: Tue, Mar 19, 2019, 8:16 AM
>>> Subject: Delivery Status Notification (Failure)
>>> To: <shel at shelhorowitz.com>
>>>
>>>
>>> [image: Error Icon]
>>> Address not found
>>> Your message wasn't delivered to *many at birdseyedeal.com* because the
>>> address couldn't be found, or is unable to receive mail.
>>> LEARN MORE <https://support.google.com/mail/?p=DisabledUser>
>>> The response was:
>>>
>>> The email account that you tried to reach is disabled. Learn more at
>>> https://support.google.com/mail/?p=DisabledUser f2sor8972495wro.20 -
>>> gsmtp
>>>
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: friend at myip19.masterload.loan
>>> To: many at alias16.per2domain.live
>>> Cc:
>>> Bcc:
>>> Date: Tue, 19 Mar 2019 09:37:04 +0000
>>> Subject:
>>> Et ut
>>>
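An added example, not part of the original post or of any list member's tooling: one way to pull out of a bounce header like the one pasted above the fields that show which mail system generated the notice and which message it claims to answer. The sample header is constructed (modelled on the post, with example.* placeholder names), and `triage_bounce` and its result keys are hypothetical.

```python
import email
import re
from email import policy

# Constructed sample modelled on the bounce header in the post; all names are placeholders.
SAMPLE_DSN = """\
Delivered-To: user@mailbox.example
Return-Path: <>
Received: from mx-out.provider.example ([192.0.2.67]) by host.owner.example with esmtps; Fri, 22 Mar 2019 23:20:14 -0500
Received: by mx-out.provider.example with SMTP id g3so884291wrx.9; Fri, 22 Mar 2019 21:20:09 -0700 (PDT)
Content-Type: multipart/report; boundary="b1"; report-type=delivery-status
From: Mail Delivery Subsystem <mailer-daemon@provider.example>
To: owner@owner.example
Auto-Submitted: auto-replied
Subject: Delivery Status Notification (Failure)
In-Reply-To: <ed3e8cbc-0000@owner.example>
X-Failed-Recipients: someone@remote.example
Message-ID: <5c95b3f1.GMR@mx.provider.example>

--b1--
"""

def triage_bounce(raw, my_domains):
    """Extract who generated a bounce, how it travelled, and what it answers."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for rcvd in msg.get_all("Received", []):
        text = " ".join(str(rcvd).split())          # unfold continuation lines
        frm = re.search(r"\bfrom\s+(\S+)", text)
        by = re.search(r"\bby\s+(\S+)", text)
        hops.append((frm.group(1) if frm else None, by.group(1) if by else None))
    hops.reverse()  # headers are stored newest-first; reverse into travel order
    # Domain part of the Message-ID of the message that bounced.
    m = re.search(r"@([^>\s]+)>", str(msg.get("In-Reply-To", "")))
    ref_domain = m.group(1).lower() if m else None
    failed = str(msg.get("X-Failed-Recipients", "")).split(",")
    return {
        "is_dsn": msg.get_content_type() == "multipart/report"
                  and msg.get_param("report-type") == "delivery-status",
        "null_return_path": str(msg.get("Return-Path", "")).strip() == "<>",
        "auto_submitted": str(msg.get("Auto-Submitted", "")).strip().lower(),
        "generated_by": hops[0][1] if hops else None,  # first system to handle it
        "hops": hops,
        "failed_recipients": [r.strip() for r in failed if r.strip()],
        "original_id_domain": ref_domain,
        "original_claims_my_domain": ref_domain in my_domains,
    }
```

Every field comes from headers that the sending side controls, except the topmost `Received` line written by your own server, so treat `generated_by` and `original_id_domain` as claims to corroborate against your own outbound mail logs.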