Copy link to clipboard
Copied
why did I received an auto insurance email from "carlnsurance-Notice@adobe.com"?
anyone knows why? how could this happen?
I am worried & concerned.
Thanks!
Content removed by forum host. Do NOT re-post spam messages to a public forum, this only serves to promote the malicious web links they contain.
You haven't received anything from Adobe. The e-mail is a spam and you may know that they spammers use any address in the FROM field to full the spam filters and their targets. You are a prime example here.
The only way to know who actually sent you and from which country is by looking at the e-mail headers. You haven't posted this here so I can't tell you who actually sent you this e-mail.
Just because from contains "Adobe" does not mean it is from Adobe. Remember this.
Copy link to clipboard
Copied
You haven't received anything from Adobe. The e-mail is a spam and you may know that they spammers use any address in the FROM field to full the spam filters and their targets. You are a prime example here.
The only way to know who actually sent you and from which country is by looking at the e-mail headers. You haven't posted this here so I can't tell you who actually sent you this e-mail.
Just because from contains "Adobe" does not mean it is from Adobe. Remember this.
Copy link to clipboard
Copied
plz look at the screen shot, where do you see the "header"?
Thanks!
[ private information removed by forum host ]
Copy link to clipboard
Copied
Thank you for posting that screenshot but you actually need to post the full headers. In Gmail you have to click on a button called "Show Original" as shown in this picture:
By clicking on that button/text, another screen will open with lots of raw data and that will tell us everything we need to know about the original sender and where he/she is residing.
Copy link to clipboard
Copied
Thnaks!
Please see attachment
Delivered-To:******@gmail.com
Received: by 10.68.73.72 with SMTP id j8csp242824pbv;
Thu, 27 Jun 2013 17:16:48 -0700 (PDT)
X-Received: by 10.68.98.33 with SMTP id ef1mr8653774pbb.59.1372378607934;
Thu, 27 Jun 2013 17:16:47 -0700 (PDT)
Return-Path: <me@adobe.com>
Received: from goolop.1net ([184.105.237.231])
by mx.google.com with ESMTP id tw4si2597255pbc.31.2013.06.27.17.16.47
for <*****198@gmail.com>;
Thu, 27 Jun 2013 17:16:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of me@adobe.com designates 184.105.237.231 as permitted sender) client-ip=184.105.237.231;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of me@adobe.com designates 184.105.237.231 as permitted sender) smtp.mail=me@adobe.com
Date: Thu, 27 Jun 2013 17:16:47 -0700 (PDT)
Received: from 64.18.1.77 (127.0.0.1) by goolop.1net id hpjauu16lt0u for <****@gmail.com>; Thu, 27 Jun 2013 20:16:47 -0400 (envelope-from <me@adobe.com>)
MIME-Version: 1.0
Precedence: Normal
From: <carlnsurance-Notice@adobe.com>
To: *****@gmail.com
Subject: =?utf-8?q?_BreakingNews,huge_2013`Autolnsurance_savings_arrived_?=
Message-ID: <ODQ51ca321f.6492420a.46a4.BROKEN@adobe.com>
Content-Type : text/plain
Hi ***8@gmail.com ,
Content removed by forum host. Do NOT re-post spam messages to a public forum, this only serves to promote the malicious web links they contain.
Copy link to clipboard
Copied
OK the email came from:
1 184.105.237.231 Succeed USA - California HURRICANE-11 Hurricane Electric, Inc. 184.104.0.0 184.105.255.255 Yes Hurricane Electric, Inc. 760 Mission Court, Fremont hostmaster@he.net abuse@he.net +1-510-580-4100 ARIN aerogift.net
You can send complaints to:
Telephone: +1 510 580 4100
You need to forward the entire message including the headers (you have posted here) so that they can track down who was responsible by looking at the time in the e-mail.
Copy link to clipboard
Copied
Just for my own education which line did you pull "1 184.105.237.231 Succeed USA - California HURRICANE-11 Hurricane Electric, Inc. 184.104.0.0 184.105.255.255 Yes Hurricane Electric, Inc. 760 Mission Court, Fremont" from?
I have scanned message in post # 4 several times and it just does not jump out at me.
THanks
Copy link to clipboard
Copied
Curt Y wrote:
Just for my own education which line did you pull "1 184.105.237.231 Succeed USA - California HURRICANE-11 Hurricane Electric, Inc. 184.104.0.0 184.105.255.255 Yes Hurricane Electric, Inc. 760 Mission Court, Fremont" from?
I have scanned message in post # 4 several times and it just does not jump out at me.
THanks
7th line from top.....then line 11, 12, 14
Copy link to clipboard
Copied
urdaddi,
I still don't get it. Must be blind. Here is what I see from your clues, and still no address or name that I see. Do I have the wrong lines, or is one supposed to figure out how to decode the given web address 184.105.237.231?
Line 7 Received: from goolop.1net ([184.105.237.231])
Line 11 Received-SPF: pass (google.com: domain of me@adobe.com designates 184.105.237.231 as permitted sender) client-ip=184.105.237.231;
Line 12 Authentication-Results: mx.google.com;
Line 14 Date: Thu, 27 Jun 2013 17:16:47 -0700 (PDT)
Copy link to clipboard
Copied
The line says that Google received the message from IP 184.105.237.231. Now one needs to find exactly who owns that IP.
You can report them to Google to block them and you can also send an abuse e-mail to their ISP. I normally write to their ISP.
Ignore the me@adobe.com stuff because they have just made it up. In fact the "me" refers to the the owner of the e-mail account. The spammer have used the same e-mail address as the person who it was meant to be sent. Google calls it "me". If you have a Google account, try sending an e-mail to your self using the Google e-mail address as the FROM field and see what you see.
Copy link to clipboard
Copied
Guess I am computer illiterate, how does one find who owns an IP?
THis is for general knowledge, did not receive this message.
Copy link to clipboard
Copied
No you are not as illiterate as I am but anyway the answer to your question is that I look it up on Arin.net and I got this:
<http://whois.arin.net/rest/net/NET-184-104-0-0-1/pft>
1) Go to http://arin.net and then look for the search box on the right side that looks like this:
2) plug in the IP address you want to see and you get this box:
You need to scroll down the page to get other info as well.
Another way is to download a tool that can run from your disk without installing it. The tool is at this link:
<http://www.nirsoft.net/utils/ipnetinfo.html>
Scroll down the page after reading what it can do and you will see the download page. Unzip it and run the executable file and plug in the box your IP address and it will tell you who owns it. DOWNLOAD THE ZIP FILE NOT THE INSTALLER EXE FILE.
NOTE: Some anti-virus programs might alert you that this is a hacking tool or something like that but just ignore it because it is completely safe. Run it as a limited user on your machine so that you are protected if you are still in doubt.
Copy link to clipboard
Copied
Thank you very much. Feel much wiser now, but will probably forget by time I ever need this.
Copy link to clipboard
Copied
As has been posted above, the general From line can have anything munged into it. I get spam, that has my e-dress as the initiating party, but that Header info tells another story.
Good luck,
Hunt