DNS Hacked?

117 views
Skip to first unread message

Tara L

unread,
Nov 29, 2021, 11:41:01 AM11/29/21
to public-dns-discuss
I'm an admin for a large company and I managed our spam filter. I found some unusual emails and I'm wondering if Google's DNS was hacked. We have many emails in quarantine from 8.8.8.8 and from localhost. Below is what I'm seeing. Has anyone else seen this? If this needs to be reported to Google, I can't find where to report it. 

FIRST EMAIL
_____________________________________________________
Received on
Nov 19 2021 02:57:10 AM
From
info@localhost
To

CC

Recipients
in...@REMOVEDMYDOMAIN.COM
Subject

Attachment(s) / URL(s)

Status
Quarantined
Source Email Server
167.172.131.119

HEADERS

Received
from [127.0.1.1] (unknown [167.172.131.119]) by prd09-use1-06 (envelope-from <info@localhost>) FireEye ETP with ESMTP id D475313335F477916118152fb; batch_id D4/75-31333-5F477916; Fri, 19 Nov 2021 09:57:10 +0000 (UTC)
From
<>
Return-Path
<info@localhost>
____________________________________________________________________
SECOND EXAMPLE

Received on
Nov 19 2021 02:57:15 AM
From  in...@REMOVEDMYDOMAIN.COM
info@[8.8.8.8]
To

CC

Recipients

Subject

Attachment(s) / URL(s)

Status
Quarantined
Source Email Server
167.172.131.119


These are the headers: 
Received
from [127.0.1.1] (unknown [167.172.131.119]) by prd09-use1-29 (envelope-from <info@[8.8.8.8]>) FireEye ETP with ESMTP id BEDD14597AF477916208d9952; batch_id BE/DD-14597-AF477916; Fri, 19 Nov 2021 09:57:15 +0000 (UTC)
From
<>
Return-Path
<info@[8.8.8.8]>

Claus Mattsson

unread,
Dec 1, 2021, 2:29:32 PM12/1/21
to public-dns-discuss
If your spamfilter quarantined these emails, it works as it should. SMTP standard allows a sender to impersonate anyone he like.
Reply all
Reply to author
Forward
0 new messages