[Hidden-tech] Can anyone explain what is going on here and what I should do about it?
Robert Heller
heller at deepsoft.com
Sat Mar 23 14:26:49 UTC 2019
At Sat, 23 Mar 2019 07:33:13 -0400 Shel Horowitz <shel at shelhorowitz.com> wrote:
>
>
>
> I just got another one with a visual (spam) ad attached. It shows the
> origination address:
>
> ---------- Forwarded message ----------
> From: Fat Burning Keto <email at myip83.megadealio.download>
> To: shel at mail9.mywordapps.site
>
> And following Eli's suggestion, I was able to get the full header. Pasting
> it below, and then I'll go back and find one of the earlier ones and paste
> it into a different message. I notice that both NDNs were delivered to my
> Gmail address (which I never give out, although sometimes real replies go
> to it) but referencec shel at shelhorowitz.com in the headers.
It is likely that however your E-Mail was harvested, the people who harvested
it, also got the "full headers" and found all of the information there.
>
> Delivered-To: shelhoro at gmail.com
>
> Received: by 2002:a02:9867:0:0:0:0:0 with SMTP id x36csp1565547jaj;
> Fri, 22 Mar 2019 21:39:06 -0700 (PDT)
> X-Google-Smtp-Source:
> APXvYqyC4rw9gwX7Id2fYS+G2mx8DQq1nUASIoRsFq62JqYo+cV1Jdhxn0X9FnNornD1GF1KJ00zPf2OiSU=
> X-Received: by 2002:a02:b46c:: with SMTP id w41mr9284024jaj.83.1553315945961;
> Fri, 22 Mar 2019 21:39:05 -0700 (PDT)
> Authentication-Results: mx.google.com;
> spf=permerror (google.com: permanent error in processing during
> lookup of postmaster: );
> dkim=pass header.i=@googlemail.com header.s=20161025 header.b="ZlV3oL/q"
> Received-SPF: permerror (google.com: permanent error in processing
> during lookup of postmaster: ) client-ip=209.85.221.67;
> Received: by 2002:a6b:5a0d:: with POP3 id o13mf9773533iob.9;
> Fri, 22 Mar 2019 21:39:05 -0700 (PDT)
> X-Gmail-Fetch-Info: shel at shelhorowitz.com 3 mail.shelhorowitz.com 110
> shel at shelhorowitz.com
> Return-Path: <>
> Delivered-To: shel at shelhorowitz.com
> Received: from gator3323.hostgator.com by gator3323.hostgator.com with
> LMTP id aL9dL/6zlVwz1wgATgj41w for <shel at shelhorowitz.com>; Fri, 22
> Mar 2019 23:20:14 -0500
> Return-path: <>
> Envelope-to: shel at shelhorowitz.com
> Delivery-date: Fri, 22 Mar 2019 23:20:14 -0500
> Received: from mail-wr1-f67.google.com ([209.85.221.67]:42939) by
> gator3323.hostgator.com with esmtps
> (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) id
> 1h7Y8k-002TIs-EV for shel at shelhorowitz.com; Fri, 22 Mar 2019 23:20:14
> -0500
> Received: by mail-wr1-f67.google.com with SMTP id g3so884291wrx.9
> for <shel at shelhorowitz.com>; Fri, 22 Mar 2019 21:20:09 -0700 (PDT)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
> d=googlemail.com; s=20161025;
> h=from:to:auto-submitted:subject:references:in-reply-to:message-id
> :date;
> bh=a0G1FZcDvupL2UAFzBatCkbDstTfgJpdAr2VXPft0FM=;
> b=ZlV3oL/q9UbJobDV1qm1dz3u7nq0ThBvZhHeiO1UPTuR0HTuukeQkWGlrudwf/JCP9
> ENHLE56SbOG0v5Nv1upMaXFO99RnfQZuOdbmONPJuijtwrNcgPCLv+JNpW1T86RasKML
> 0HyyVIFDl7Kc9BPV5HfKPp3fK2Kzc5QyJ8EORhpUIB1jFLYA1n4XGYVpjh2UrQUhEDg9
> 7D3pvKXJliX2kB52BCI09otD9byNj95MmEY+c9d7a2wxk6i4fHXslCU30TrxHPA2w0Ai
> d/q+lwrNqt5d3s7OIshGl9wxo3MFf1eirV9vpCYVk6mamIDVSkNSnKAOOPGmZTF3230R
> 2kWg==
> X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
> d=1e100.net; s=20161025;
> h=x-gm-message-state:from:to:auto-submitted:subject:references
> :in-reply-to:message-id:date;
> bh=a0G1FZcDvupL2UAFzBatCkbDstTfgJpdAr2VXPft0FM=;
> b=AMJ5yFWo4lmgZ65CQmvWzGaeXTJSct1NDwwNBetvcI/ytQnIW9t/gV568I9y/XZ4zC
> 9dOlMQtAxtI6UxrFzWpaGHLk+hR5RAdSNrhAOXrf8ZGfCYCFuX3OiNYsHlsfhpVw2Scs
> a+hXRANaMcYyA0QmoL9ctmzZ98diNo1XikCI9O6xfxTnlWoq0m+K3y5+FXDjr9L4UNli
> ReMxJtO5xMDysYlmwZdbgZyeBLq9Kz2BS2MHrxPsdRdp/WDcmtSXP3Xl0JphKwubLr/o
> dZagu7oDX7BiaxATdAUIbOYBhEMcyIPcDz13QwPggx2DRGCaOhajEb8D5FkorPaV4lzK
> G/Pw==
> X-Gm-Message-State:
> APjAAAUZXXCcAC8p6G5WSkFL9mQPrFivsT3xH0z+gBF+IJtCLlxbQHvL
> wTR5gV8IHjbudsmqjtS8jVxAW/elDZn3N0OOJ80ZBw==
> X-Received: by 2002:adf:de8d:: with SMTP id w13mr8338646wrl.26.1553314801725;
> Fri, 22 Mar 2019 21:20:01 -0700 (PDT)
> Content-Type: multipart/report;
> boundary="000000000000fb2c460584bb4878"; report-type=delivery-status
> Received: by 2002:adf:de8d:: with SMTP id w13mr6777161wrl.26; Fri, 22
> Mar 2019 21:20:01 -0700 (PDT)
> From: Mail Delivery Subsystem <mailer-daemon at googlemail.com>
> To: shel at shelhorowitz.com
> Auto-Submitted: auto-replied
> Subject: Delivery Status Notification (Failure)
> References: <ed3e8cbc-2353-7608-30b5-2f5683a4c0d3 at shelhorowitz.com>
> In-Reply-To: <ed3e8cbc-2353-7608-30b5-2f5683a4c0d3 at shelhorowitz.com>
> X-Failed-Recipients: shel at yahoo.com
> Message-ID: <5c95b3f1.1c69fb81.d76b3.e816.GMR at mx.google.com>
> Date: Fri, 22 Mar 2019 21:20:01 -0700 (PDT)
>
> --000000000000fb2c460584bb4878
> Content-Type: multipart/related; boundary="000000000000fb2d210584bb487c"
>
> --000000000000fb2d210584bb487c
> Content-Type: multipart/alternative; boundary="000000000000fb2d270584bb487d"
>
> --000000000000fb2d270584bb487d
> Content-Type: text/plain; charset="UTF-8"
>
>
> ** Message not delivered **
>
> There was a problem delivering your message to shel at yahoo.com. See the
> technical details below, or try resending in a few minutes.
>
>
>
> The response from the remote server was:
> 554 delivery error: dd Requested mail action aborted -
> mta4015.mail.gq1.yahoo.com
>
> AND HERE IS THE SECOND HEADER
>
>
>
>
>
>
> Shel Horowitz - "The Transformpreneur"(sm)
> ________________________________________________
> Watch (and please share) my TEDx Talk,
> "Impossible is a Dare: Business for a Better World"
> *http://www.ted.com/tedx/events/11809
> <http://www.ted.com/tedx/events/11809>*
>
> Contact me to bake in profitability while addressing hunger,
> poverty, war, and catastrophic climate change
>
> Twitter: @shelhorowitz
>
> * First business ever to be Green America Gold Certified
> * Inducted into the National Environmental Hall of Fame
>
> http://goingbeyondsustainability.com
> http://transformpreneur.com
> mailto:shel at greenandprofitable.com * 413-586-2388
> Award-winning, best-selling author of 10 books. Latest:
> Guerrilla Marketing to Heal the World (co-authored with Jay Conrad Levinson)
>
> _________________________________________________
>
>
> On Wed, Mar 20, 2019 at 2:09 PM Elijah Gwynn <eli at egwynn.com> wrote:
>
> > Shel, the header from the automated bounce message might still indicate
> > which mail system decided the bounce message should go to you and,
> > potentially, by what means it made that decision.
> >
> > If you follow the steps here
> > <https://support.google.com/mail/answer/29436?hl=en> you should be able
> > to get some more headers to paste to us.
> >
> > Eli
> >
> > On 20 Mar 2019, at 13:31, Shel Horowitz via Hidden-discuss wrote:
> >
> > No human being sent this. Pretty sure it was a bot and I didn't recognize
> > any of the addresses mentioned.I got four or five of those messages.
> >
> >
> > Shel Horowitz - "The Transformpreneur"(sm)
> > ________________________________________________
> > Watch (and please share) my TEDx Talk,
> > "Impossible is a Dare: Business for a Better World"
> > *http://www.ted.com/tedx/events/11809
> > <http://www.ted.com/tedx/events/11809>*
> >
> > Contact me to bake in profitability while addressing hunger,
> > poverty, war, and catastrophic climate change
> >
> > Twitter: @shelhorowitz
> >
> > * First business ever to be Green America Gold Certified
> > * Inducted into the National Environmental Hall of Fame
> >
> > http://goingbeyondsustainability.com
> > http://transformpreneur.com
> > mailto:shel at greenandprofitable.com * 413-586-2388
> > Award-winning, best-selling author of 10 books. Latest:
> > Guerrilla Marketing to Heal the World (co-authored with Jay Conrad
> > Levinson)
> >
> > _________________________________________________
> >
> >
> > On Wed, Mar 20, 2019 at 1:15 PM Michael Muller <tech at montaguewebworks.com>
> > wrote:
> >
> >> Shel,
> >>
> >> So... someone forwarded you the bounced email? Do you know this person?
> >>
> >> If the answer to both questions is yes, then one theory is the original
> >> email was sent ...
> >>
> >> - *From:* "Shel Horowitz" <friend at myip92.asyncjs.date>
> >> <friend at myip92.asyncjs.date>
> >>
> >> ... and the person who owns the friend at myip92.asyncjs.date email address
> >> received a bunch of bounces, and saw your name associated with the original
> >> email and forwarded it to you wondering why they were getting a bunch of
> >> bounces.
> >>
> >> Sometimes this stuff is so difficult to trace.
> >>
> >> Mik
> >>
> >> ---
> >> Mik Muller, president
> >> Montague WebWorks
> >> 50 Miles Street, Greenfield, MA
> >> 413-320-5336http://MontagueWebWorks.com
> >> Powered by ROCKETFUSION
> >>
> >> On 3/20/2019 12:54 PM, Shel Horowitz wrote:
> >>
> >> Rob, I have Gmail. Mik, this is all I can get resembling a header, sincde
> >> it came as a forward.:
> >>
> >> The response was:
> >>
> >> The email account that you tried to reach is disabled. Learn more at
> >> https://support.google.com/mail/?p=DisabledUser v2sor1434906wrw.17 -
> >> gsmtp
> >>
> >>
> >>
> >> ---------- Forwarded message ----------
> >> From: friend at myip92.asyncjs.date
> >> To: discuss at alias18.per2domain.live
> >> Cc:
> >> Bcc:
> >> Date: Tue, 19 Mar 2019 12:04:13 +0000
> >> Subject:
> >> Sed et ut
> >>
> >> Shel Horowitz - "The Transformpreneur"(sm)
> >> ________________________________________________
> >> Watch (and please share) my TEDx Talk,
> >> "Impossible is a Dare: Business for a Better World"
> >> *http://www.ted.com/tedx/events/11809
> >> <http://www.ted.com/tedx/events/11809>*
> >>
> >> Contact me to bake in profitability while addressing hunger,
> >> poverty, war, and catastrophic climate change
> >>
> >> Twitter: @shelhorowitz
> >>
> >> * First business ever to be Green America Gold Certified
> >> * Inducted into the National Environmental Hall of Fame
> >>
> >> http://goingbeyondsustainability.com
> >> http://transformpreneur.com
> >> mailto:shel at greenandprofitable.com * 413-586-2388
> >> Award-winning, best-selling author of 10 books. Latest:
> >> Guerrilla Marketing to Heal the World (co-authored with Jay Conrad
> >> Levinson)
> >>
> >> _________________________________________________
> >>
> >>
> >> On Wed, Mar 20, 2019 at 11:51 AM Rob Laporte <rob at 2disc.com> wrote:
> >>
> >>> Hi Shell and All,
> >>>
> >>> My firm has been getting a dribbling of these same types of emails for a
> >>> few weeks now, and we use Microsoft hosted email, so wonder if they are
> >>> being hacked. Shell, what is your email service? We're investigating this
> >>> problem today or tomorrow, and I'll share what we find.
> >>>
> >>> Best Regards,
> >>>
> >>>
> >>> Rob Laporte| SEO Specialist, CEO
> >>>
> >>> DISC, Inc. - Making Websites Make Money
> >>>
> >>> 413-584-6500
> >>>
> >>> rob at 2disc.com
> >>>
> >>> www.2disc.com
> >>>
> >>> *NOTE:* Emails can be blocked by spam filters throughout the web. If
> >>> you don’t get a reply within an expected span of time, please call.
> >>>
> >>> ------------------------------
> >>> *From:* Hidden-discuss <hidden-discuss-bounces at lists.hidden-tech.net>
> >>> on behalf of Shel Horowitz via Hidden-discuss <
> >>> hidden-discuss at lists.hidden-tech.net>
> >>> *Sent:* Wednesday, March 20, 2019 9:23 AM
> >>> *To:* Hidden-Tech Tech
> >>> *Subject:* [Hidden-tech] Can anyone explain what is going on here and
> >>> what I should do about it?
> >>>
> >>>
> >>> Below is a forwarded non-delivery message to an address I've never heard
> >>> of and seemingly in response to something sent by someone I've never heard
> >>> of. I don't see that they are spoofing my email address. Can anyone explain
> >>> why I am getting these and if I need to do anything? I got a bunch of them
> >>> today.
> >>>
> >>> ---------- Forwarded message ---------
> >>> From: *Mail Delivery Subsystem* <mailer-daemon at googlemail.com>
> >>> Date: Tue, Mar 19, 2019, 8:16 AM
> >>> Subject: Delivery Status Notification (Failure)
> >>> To: <shel at shelhorowitz.com>
> >>>
> >>>
> >>> [image: Error Icon]
> >>> Address not found
> >>> Your message wasn't delivered to *many at birdseyedeal.com* because the
> >>> address couldn't be found, or is unable to receive mail.
> >>> LEARN MORE <https://support.google.com/mail/?p=DisabledUser>
> >>> The response was:
> >>>
> >>> The email account that you tried to reach is disabled. Learn more at
> >>> https://support.google.com/mail/?p=DisabledUser f2sor8972495wro.20 -
> >>> gsmtp
> >>>
> >>>
> >>>
> >>> ---------- Forwarded message ----------
> >>> From: friend at myip19.masterload.loan
> >>> To: many at alias16.per2domain.live
> >>> Cc:
> >>> Bcc:
> >>> Date: Tue, 19 Mar 2019 09:37:04 +0000
> >>> Subject:
> >>> Et ut
> >>>
> >> _______________________________________________
> > Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> > Hidden-discuss at lists.hidden-tech.net
> >
> > You are receiving this because you are on the Hidden-Tech Discussion list.
> > If you would like to change your list preferences, Go to the Members
> > page on the Hidden Tech Web site.
> > http://www.hidden-tech.net/members
> >
> >
> MIME-Version: 1.0
>
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
>
> You are receiving this because you are on the Hidden-Tech Discussion list.
> If you would like to change your list preferences, Go to the Members
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members
>
>
--
Robert Heller -- 978-544-6933
Deepwoods Software -- Custom Software Services
http://www.deepsoft.com/ -- Linux Administration Services
heller at deepsoft.com -- Webhosting Services
More information about the Hidden-discuss
mailing list