Received: by 10.220.40.71 with SMTP id j7cs40051vce; Mon, 9 May 2011 04:01:21 -0700 (PDT)
Received: by 10.224.186.5 with SMTP id cq5mr5706629qab.373.1304938881526; Mon, 09 May 2011 04:01:21 -0700 (PDT)
Return-Path: <hartley...@hotmail.com>
Received: from blu0-omc3-s32.blu0.hotmail.com (blu0-omc3-s32.blu0.hotmail.com [65.55.116.107]) by mx.google.com with ESMTP id j3si12926560qcu.49.2011.05.09.04.01.21; Mon, 09 May 2011 04:01:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of hartley...@hotmail.com designates 65.55.116.107 as permitted sender) client-ip=65.55.116.107;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of hartley...@hotmail.com designates 65.55.116.107 as permitted sender) smtp.mail=hartley...@hotmail.com
Received: from BLU159-W7 ([65.55.116.73]) by blu0-omc3-s32.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 9 May 2011 04:01:18 -0700
From the header I can only conclude that it has been sent from the
hotmail.com server. So it looks like the hotmail password has been hacked. So
maybe it is enough to change that password.
--
fr.gr.
Freek de Kruijf
Received: by 10.220.40.71 with SMTP id j7cs100564vce; Wed, 11 May 2011 08:14:47 -0700 (PDT)
Received: by 10.101.152.32 with SMTP id e32mr5681142ano.45.1305126886319; Wed, 11 May 2011 08:14:46 -0700 (PDT)
Return-Path: <rut...@hotmail.com>
Received: from bay0-omc3-s7.bay0.hotmail.com (bay0-omc3-s7.bay0.hotmail.com [65.54.190.145]) by mx.google.com with ESMTP id f40si187582ani.154.2011.05.11.08.14.43; Wed, 11 May 2011 08:14:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of rut...@hotmail.com designates 65.54.190.145 as permitted sender) client-ip=65.54.190.145;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of rut...@hotmail.com designates 65.54.190.145 as permitted sender) smtp.mail=rut...@hotmail.com
Received: from BAY151-W40 ([65.54.190.189]) by bay0-omc3-s7.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Wed, 11 May 2011 08:13:19 -0700
Message-ID: <BAY151-w40A6A5EFE...@phx.gbl>
Return-Path: rut...@hotmail.com
--
Need IPv6 Training? See http://www.ipv6securitytraining.com . IPv6 Security Training
To unsubscribe from this group, send email to
iscdshield+...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/iscdshield?hl=en
All this header indicates is that the SMTP server which sent the email is
authorized (by SPF) to send messages from @hotmail.com. The relevant SPF
TXT entries are:
hotmail.com. 3600 IN TXT "v=spf1
include:spf-a.hotmail.com include:spf-b.hotmail.com
include:spf-c.hotmail.com include:spf-d.hotmail.com ~all"
spf-a.hotmail.com. 1912 IN TXT "v=spf1 ip4:209.240.192.0/19
ip4:65.52.0.0/14 ip4:131.107.0.0/16 ip4:157.54.0.0/15 ip4:157.56.0.0/14
ip4:157.60.0.0/16 ip4:167.220.0.0/16 ip4:204.79.135.0/24 ip4:204.79.188.0/24
ip4:204.79.252.0/24 ip4:207.46.0.0/16 ip4:199.2.137.0/24 ~all"
The match is ip4:65.52.0.0/14.
In my opinion, there are an awful lot of SMTP servers authorized to send
@hotmail.com email and the likelihood of all of them being secured is
probably pretty low, even if they are within Microsoft's allocated IP
address space.
The machine that sent the message to this SMTP server is 65.54.190.189 (also
within the spf range). It has probably been compromised or the account
itself has been compromised.
Regards,
Brad
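The two steps done by hand in this thread, walking the Received: chain to find which machine handed the message to Google's MX and then checking that IP against the hotmail.com SPF records, as an added Python example that is not code from this thread. The header block is a constructed sample modelled on the second message quoted above (with a placeholder address); the TXT data is what Brad quoted, with spf-b/c/d.hotmail.com filled in by assumed `v=spf1 ~all` stand-ins because only spf-a is quoted; and mx.google.com is assumed to be the only receiver whose Received: line we trust.

```python
"""Walk a message's Received: chain to the IP that hit our border MX, then
evaluate SPF for the Return-Path domain.  Added example, not thread code;
headers and TXT data are constructed from values quoted in the thread."""
import ipaddress
import re
from dataclasses import dataclass
from email import message_from_string
from typing import Optional

# Constructed sample modelled on the thread's second header block (placeholder address).
RAW_HEADERS = """\
Received: by 10.220.40.71 with SMTP id j7cs100564vce; Wed, 11 May 2011 08:14:47 -0700 (PDT)
Return-Path: <user@hotmail.com>
Received: from bay0-omc3-s7.bay0.hotmail.com (bay0-omc3-s7.bay0.hotmail.com [65.54.190.145])
        by mx.google.com with ESMTP id f40si187582ani.154.2011.05.11.08.14.43;
        Wed, 11 May 2011 08:14:46 -0700 (PDT)
Received: from BAY151-W40 ([65.54.190.189]) by bay0-omc3-s7.bay0.hotmail.com
        with Microsoft SMTPSVC(6.0.3790.4675); Wed, 11 May 2011 08:13:19 -0700
From: <user@hotmail.com>

body
"""

# TXT records as quoted by Brad; spf-b/c/d are not quoted, so they are assumed stand-ins.
DNS_TXT = {
    "hotmail.com": "v=spf1 include:spf-a.hotmail.com include:spf-b.hotmail.com "
                   "include:spf-c.hotmail.com include:spf-d.hotmail.com ~all",
    "spf-a.hotmail.com": "v=spf1 ip4:209.240.192.0/19 ip4:65.52.0.0/14 ip4:131.107.0.0/16 "
                         "ip4:157.54.0.0/15 ip4:157.56.0.0/14 ip4:157.60.0.0/16 ip4:167.220.0.0/16 "
                         "ip4:204.79.135.0/24 ip4:204.79.188.0/24 ip4:204.79.252.0/24 "
                         "ip4:207.46.0.0/16 ip4:199.2.137.0/24 ~all",
    **{f"spf-{c}.hotmail.com": "v=spf1 ~all" for c in "bcd"},
}
RECEIVED_RE = re.compile(r"^(?:from\s+(?P<helo>\S+)\s*(?:\((?P<paren>[^)]*)\))?\s+)?by\s+(?P<by>\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

@dataclass
class Hop:
    helo: Optional[str]  # name the client claimed in HELO/EHLO (unverified)
    ip: Optional[str]    # address the receiver saw the connection from
    by: str              # receiver that wrote this Received: line

def parse_received(raw: str) -> list:
    """One Hop per Received: line, newest (our side) first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.match(" ".join(value.split()))  # unfold, then parse
        if m:
            ipm = IP_RE.search(m.group("paren") or "")
            hops.append(Hop(m.group("helo"), ipm.group(1) if ipm else None, m.group("by")))
    return hops

def connecting_ip(hops, our_hosts) -> Optional[str]:
    """IP that connected to the first receiver we operate; every Received: line
    below that was written by someone else's software and may be forged."""
    for hop in hops:
        if hop.by in our_hosts and hop.ip:
            return hop.ip
    return None

def check_spf(domain: str, ip: str, txt=DNS_TXT, depth: int = 0):
    """Return (result, reason).  Covers ip4/ip6/include/all, which is all the
    quoted records use; depth stands in for RFC 7208's lookup limit."""
    if depth > 10:
        return "permerror", f"include depth exceeded at {domain}"
    record = txt.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none", f"no SPF record for {domain}"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual, term = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if term == "all":
            return QUALIFIERS[qual], f"{qual}all in {domain}"
        name, _, arg = term.partition(":")
        if name in ("ip4", "ip6"):
            if addr in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qual], f"{qual}{term} in {domain}"
        elif name == "include":
            sub, reason = check_spf(arg, ip, txt, depth + 1)
            if sub == "pass":
                return QUALIFIERS[qual], reason
            if sub in ("none", "permerror"):  # RFC 7208 s5.2: both are permerror
                return "permerror", reason
            # fail/softfail/neutral inside an include only mean "no match here"
        else:
            return "permerror", f"unsupported mechanism {term} in {domain}"
    return "neutral", f"no mechanism matched in {domain}"

def spf_for_message(raw: str, our_hosts, txt=DNS_TXT):
    """(connecting IP, Return-Path domain, (result, reason)) for one message."""
    ip = connecting_ip(parse_received(raw), our_hosts)
    domain = message_from_string(raw).get("Return-Path", "").strip("<> ").rpartition("@")[2]
    if ip is None:
        return None, domain, ("none", "no Received: line written by a host we trust")
    return ip, domain, check_spf(domain, ip, txt)

if __name__ == "__main__":
    print(spf_for_message(RAW_HEADERS, {"mx.google.com"}))
```

Run as-is it reports ('65.54.190.145', 'hotmail.com', ('pass', '+ip4:65.52.0.0/14 in spf-a.hotmail.com')), the same match Brad identified. Two caveats: only the Received: line written by your own MX is trustworthy, since everything below it came from the sender's side and can be fabricated; and an SPF pass says the relay at 65.54.190.145 is permitted to send for hotmail.com, nothing more. The hop below it (BAY151-W40 at 65.54.190.189) is itself inside Microsoft's SPF range, consistent with a webmail front end, so the customer's own IP never appears as the connecting client and the headers alone cannot tell a stolen password from a compromised PC.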
> Received: from BLU159-W7 ([65.55.116.73]) by
> blu0-omc3-s32.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
> Mon, 9 May 2011 04:01:18 -0700
ZOMG. Spammers abuse Hotmail's webmail servers to send spam. News at 11.
(The fact that Hotmail credentials are stored on a *lot* of Windows boxes means
that if a computer gets zombied for whatever reason, the spammer has access to
the credentials to send out spam via Hotmail's servers. Happens *all* *the*
*time*. Remember - Vint Cerf said "140M compromised systems" and nobody argued
with it).
From - Mon Jan 21 20:41:58 2013
X-Account-Key: account15
X-UIDL: A5F82531-644C-11E2-AE15-00237DE3F118
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
x-store-info:SmXCjkY1Un5L3qlTmewTw3fvY0mBhNx7iaajE9F6MV2n+qehcPfCV0RE/1kEju9SgD791eA7P7XEq0aZR/ohTmN7atP5EiCD8tV1XILlW01NOeHanGbJa87PrbQ2TyGx4/dDwFfwBL0=
Authentication-Results: hotmail.com; spf=pass (sender IP is 65.55.116.107; identity alignment result is pass and alignment mode is relaxed) smtp.mailfrom=x...@hotmail.com; dkim=none (identity alignment result is pass and alignment mode is relaxed) header.d=hotmail.com; x-hmca=pass
X-SID-PRA: x...@hotmail.com
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MDtHRD0wO1NDTD0w
X-Message-Info: AuEzbeVr9u6ITJ84TuOjIpg6xkAjKSPt2G8pGc9QGK82bNiEJXeYJfGF7/VIzLgilsuef9TcVAeU9zFREjwfWLDNSIa52CFUG8E7YtTCfgY87oB9jFaEG/Gfw/+wc9qK/wPqChlyxsCVddcg7ElGQtevhjUQTtBV
Received: from blu0-omc3-s32.blu0.hotmail.com ([65.55.116.107]) by BAY0-MC1-F39.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Mon, 21 Jan 2013 20:31:59 -0800
Received: from BLU158-W58 ([65.55.116.74]) by blu0-omc3-s32.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 21 Jan 2013 20:31:58 -0800
X-EIP: [qXF7o7CFH55CiGeyQsm/d3dFnnc46IZ3]
X-Originating-Email: [x...@hotmail.com]
Message-ID: <BLU158-W582364BFF...@phx.gbl>
Return-Path: x...@hotmail.com
Content-Type: multipart/alternative; boundary="_3c8487b5-b02f-4a4c-bf5e-0df9180ca235_"
From: <x...@hotmail.com>
I x'ed out "her" email and removed her name. So, shouldn't this show a personal address if she's just some poor nobody? Instead, all I see are IPs that go to Redmond. Do you think this person is an impostor rather than someone living at a private residence?