Hacked email account?

Anonymous

About two months ago I got an email from my best friend from junior high school, asking me how things were going and stating that she was dying to get an update on what was going on with me. Since I had not heard from her for a while, I responded with a brief but detailed snapshot of what was going on in my life. After I sent the email I thought that it was a little odd she had sent that email because I had not given her any indication that something was going on which would require me to “give her an update.” Anyhow, I did not hear back from her and then a couple of days later, I got the exact same email from her again. So I contacted her via Facebook and told her to check her Hotmail email account because I had forwarded her the email that I received. She stated that she did not send the email. A couple of weeks later, I got the exact same email again. Then, this morning, I received another email from her dated May of 2001 (yes, 2001). It is a long email, in which she is giving me advice on how to deal with a breakup and it is very personal. The thing is, back in May of 2001, she really did send me this exact same email. I am freaked out because I don’t know what is going on and whoever the person is who is sending me this stuff has access to a lot of personal information about me and other health issues that I would not want anyone to know other than her. I really am not sure what to do about this so thought maybe someone in this forum could help. My friend’s ordinary email is a Hotmail account but these emails are coming from an account that ends in “mxgmail.com.”
jsteele
Site Admin Online
If you can figure out how to display the full headers of the email, I might be able to provide some clue about what's going on. Are you sure the email came from "mxgmail.com" and not "mx.gmail.com"?
Anonymous
jsteele wrote: If you can figure out how to display the full headers of the email, I might be able to provide some clue about what's going on. Are you sure the email came from "mxgmail.com" and not "mx.gmail.com"?


Thank you! It is definitely "mxgmail.com"
jsteele
Site Admin Online
If you can, post the full headers here.
Anonymous
jsteele wrote: If you can, post the full headers here.


Here is what it says:

AVAILABLE HEADERS
Date (received): Friday, February 18, 2011 4:41:20 AM America/New_York
Date (sent): Wednesday, May 31, 2000
11:30 05 AM America/New_York
From: joanieu@mxgmail.com
Subject: =)
Message-ID: -2147435849

HTML SEGMENT
No HTML Segment found
Anonymous
Even better, if you 'view source' and copy all of the contents here. The complete source has information about the servers that actually handled the email.
jsteele
Site Admin Online
Those are the short headers that can easily be faked. What I need to see are the full headers. They will look something like this:


Received: from smarty.dreamhost.com (smarty.dreamhost.com [208.113.175.8]) by mail.steele.com (Postfix) with ESMTP id 9FB813ABAEEE for <xxxx@steele.com>; Fri, 18 Feb 2011 10:11:34 -0500 (EST)
Received: from ps12098.dreamhostps.com (ps12098.dreamhost.com [69.163.145.189]) by smarty.dreamhost.com (Postfix) with ESMTP id 348376E8063 for <xxxxx@steele.com>; Fri, 18 Feb 2011 07:11:34 -0800 (PST)
Received: by ps12098.dreamhostps.com (Postfix, from userid 22135) id 40A6E3E5610D; Fri, 18 Feb 2011 07:11:34 -0800 (PST)


How you display these depends on your email client. The easiest thing to do is Google your email client's name and "full headers". If you use Outlook, I believe they call them "Internet headers" or something along those lines.
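As an added example (not part of the original thread and not jsteele's own code), this sketch reads the `Received` chain from a full message source, oldest hop first, and compares the sender-written `Date` with the time the final server actually stamped. The `Received` lines are the example from the post above; the `From`, `Date`, `Subject` and body are constructed, and the regex assumes the Postfix layout shown in that example.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the Received lines are the example quoted in the post
# above; From, Date and Subject are made-up values any sender could write.
RAW = """\
Received: from smarty.dreamhost.com (smarty.dreamhost.com [208.113.175.8]) by mail.steele.com (Postfix) with ESMTP id 9FB813ABAEEE for <xxxx@steele.com>; Fri, 18 Feb 2011 10:11:34 -0500 (EST)
Received: from ps12098.dreamhostps.com (ps12098.dreamhost.com [69.163.145.189]) by smarty.dreamhost.com (Postfix) with ESMTP id 348376E8063 for <xxxxx@steele.com>; Fri, 18 Feb 2011 07:11:34 -0800 (PST)
Received: by ps12098.dreamhostps.com (Postfix, from userid 22135) id 40A6E3E5610D; Fri, 18 Feb 2011 07:11:34 -0800 (PST)
From: sender@example.com
Date: Wed, 31 May 2000 11:30:05 -0400
Subject: =)

(constructed body)
"""

# "from HELO (rDNS [IP])" is absent on the first hop (local submission).
HOP = re.compile(r"(?:from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
                 r"\[(?P<ip>[^\]]+)\]\)\s+)?by\s+(?P<by>\S+)")

def trace_hops(raw):
    """Return hops oldest-first (each server prepends its own Received line)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        info, _, stamp = " ".join(value.split()).rpartition(";")
        m = HOP.match(info)
        if m:
            hops.append({"from": m["helo"], "ip": m["ip"], "by": m["by"],
                         "time": parsedate_to_datetime(stamp.strip())})
    return hops

def chain_breaks(hops):
    """Indexes where a hop's claimed sender is not the previous hop's server."""
    return [i for i in range(1, len(hops))
            if hops[i]["from"] != hops[i - 1]["by"]]

def date_skew_days(raw):
    """Days between the sender-written Date and the final server's stamp."""
    claimed = parsedate_to_datetime(message_from_string(raw)["Date"])
    return (trace_hops(raw)[-1]["time"] - claimed).days

if __name__ == "__main__":
    hops = trace_hops(RAW)
    for hop in hops:
        print(hop["time"].isoformat(), hop["from"], hop["ip"], "->", hop["by"])
    print("chain breaks:", chain_breaks(hops))
    print("Date header predates delivery by", date_skew_days(RAW), "days")
```

The topmost `Received` line is written by the recipient's own mail server, so its IP address and timestamp are the values to trust when the `From` and `Date` lines disagree with them.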
Anonymous
jsteele wrote: Those are the short headers that can easily be faked. What I need to see are the full headers. They will look something like this:


Received: from smarty.dreamhost.com (smarty.dreamhost.com [208.113.175.8]) by mail.steele.com (Postfix) with ESMTP id 9FB813ABAEEE for <xxxx@steele.com>; Fri, 18 Feb 2011 10:11:34 -0500 (EST)
Received: from ps12098.dreamhostps.com (ps12098.dreamhost.com [69.163.145.189]) by smarty.dreamhost.com (Postfix) with ESMTP id 348376E8063 for <xxxxx@steele.com>; Fri, 18 Feb 2011 07:11:34 -0800 (PST)
Received: by ps12098.dreamhostps.com (Postfix, from userid 22135) id 40A6E3E5610D; Fri, 18 Feb 2011 07:11:34 -0800 (PST)


How you display these depends on your email client. The easiest thing to do is Google your email client's name and "full headers". If you use Outlook, I believe they call them "Internet headers" or something along those lines.


Unfortunately, what I posted is all that is showing when I click on "view email headers". There is nothing else listed. What can I do?
Anonymous
If you want to know where the IP is from, you need to do a 'whois' on it:

for US

http://whois.arin.net/ui/

for Europe (most hackers from there these days)

http://www.db.ripe.net/whois
jsteele
Site Admin Online
Anonymous wrote:
Unfortunately, what I posted is all that is showing when I click on "view email headers". There is nothing else listed. What can I do?


What email client do you use?
Anonymous
jsteele wrote:
Anonymous wrote:
Unfortunately, what I posted is all that is showing when I click on "view email headers". There is nothing else listed. What can I do?


What email client do you use?


yahoo
jsteele
Site Admin Online
Anonymous wrote:
yahoo


See this page:

http://help.yahoo.com/l/us/yahoo/mail/yahoomail/basics/basics-31.html

Anonymous
Email is out of CA, ARIN whois info follows:

Anonymous
jsteele wrote:
Anonymous wrote:
yahoo


See this page:

http://help.yahoo.com/l/us/yahoo/mail/yahoomail/basics/basics-31.html



For some reason, this email is appearing in my BlackBerry but not in my regular Yahoo email account. When I click on view headers, that is all that appears. I am not sure if I accidentally deleted the original email from my email account or what, but it only shows on the BlackBerry and I have downloaded software on the BlackBerry that allows me to view headers and what I posted is all that I am getting. There is even an option that allows me to click on viewing "all information" and when I click on that, I still get the same thing. What I am wondering is, is there a way for me to stop this, or what should I do given that the full headers are unavailable? Thanks.
jsteele
Site Admin Online
Anonymous wrote: email is out of CA, arin whois info follows:


That was my example. I know where it is from. The Original Poster hasn't provided an IP address yet.