lcf
New Contributor

Spam

Someone is using my credentials to send spam and I cannot block this person since the e-mail shown on the header is my own. I am getting at least 5 of those per day and I wonder if other people are getting them too and thinking they are coming from me.

How can I get rid of this? Is there a way to set up a filter using the actual sender and/or report this person as a spammer?

Below is the latest one I received.

Content-Type: text/html
Return-Path: <>
Received: from fed1rmimpi312.cox.net ([68.230.241.31])
          by fed1rmfepi201.cox.net
          (InterMail vM.8.01.05.28 201-2260-151-171-20160122) with ESMTP
          id <20161206172603.TQNZ3903.fed1rmfepi201.cox.net@fed1rmimpi312.cox.net>
          for <lfrazer@cox.net>; Tue, 6 Dec 2016 12:26:03 -0500
Received: from mail-qt0-f231.google.com ([209.85.216.231])
	by fed1rmimpi312.cox.net with cox
	id GhQD1u01w507wHM01hS14i; Tue, 06 Dec 2016 12:26:02 -0500
Message-Id: <GhQD1u01w507wHM01hS14i>
Old-Message-Id: <5846f34f.81d51c0a.e5e74.8fe7SMTPIN_ADDED_MISSING@mx.google.com>
X-CT-Score: NA
X-Authority-Analysis: v=2.1 cv=QtX+pQGd c=1 sm=1 tr=0 p=DRa9wfVlZqgA:10
 p=9b43aOMbAAAA:20 p=XcCYwhTdAAAA:20 p=7XeWfdzpK01BHoOFSxXzNqiT+kc=:19
 p=+Hhi1dWGycZICe6+XdrcfUY/LHA=:19 a=q12xyFX4L7Ehmg7F57M6Zg==:117
 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=xqWC_Br6kY4A:10
 a=n5n_aSjo0skA:10 a=ZZnuYtJkoWoA:10 a=KG2OwtFAcWES63b53MUA:9 a=2SF7yaKoJT8A:10
X-CM-Score: 100.00
Received: by mail-qt0-f231.google.com with SMTP id j49so48982974qta.0
        for <lfrazer@cox.net>; Tue, 06 Dec 2016 09:26:02 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:message-id:mime-version:to:from:subject:date;
        bh=fEdBr8LLSf059UFyajmMOIcLDlQ6w8jmaZsYlEL02kA=;
        b=fJumf9af+VLNoSR3ZkRkvlwARbN70sYR81xF53syeoADfMYQaT3tsBvOrQ+idOsNZX
         hR3LJ7kBIEG69S6pY8Ct69BloOyfkb4gucr5N72xOYf0rUeIQGjC1DQvKcutrhPYveZw
         Usc1ptUROo7VEuUF8Dz9YQ/ce1SaMgIfCebcNvvIjV62w/EYaEfYJoLt6ME/uqizm7SS
         a7WwSlb8r4GYgN8VOEOxMqfrjDisnS9o+2E1MJ3dxX6sO5Zvhe8+AaiPvKc+RJH5dolq
         kJu8ALt7mh0xG7lV3kMPnkfxKcsNNmdbaLUcT8OigG8ZxMCuosHC1M5Xa/V5l4K1KSxR
         Ddig==
X-Gm-Message-State: AKaTC017d5N+rH8RM2inyjfrUw0wQO8/Vngb9zaphTuO8gWPBXJJB1O/wqqoB/wTVnwzZa/ilsYguAS9iFkP+bXZ19ec/UoQ4hEUh+FORP0H7gft
X-Received: by 10.28.146.201 with SMTP id u192mr3918234wmd.142.1481044815364;
        Tue, 06 Dec 2016 09:20:15 -0800 (PST)
Return-Path: <>
Received: from halloeotic.com (halloeotic.com. [2a01:4f8:140:6073::2])
        by smtp-relay.gmail.com with ESMTPS id m123sm16990671wmg.0.2016.12.06.09.20.15
        for <lfrazer@cox.net>
        (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Tue, 06 Dec 2016 09:20:15 -0800 (PST)
X-Relaying-Domain: pantodayinfo.com
MIME-version: 1.0
To: lfrazer@cox.net
from: lfrazer<lfrazer@cox.net>
Subject: Never Pay For Covered Home Repairs Again.  First Month FREE. Limited Time. 
Date: Tue, 6 Dec 2016 12:19:57 -0500

<center>
<a style="display:none;">1MhU8hpHFTS4RCe-701048275576793 MULLCIDOXZ29MI enx39cTgF5VHXMqhZ8v</a>
<a href='http://dl23.dinaserver.com/354952EY368118YF183954374Eh8925yH17Btr454FM'>
<img src="http://dl23.dinaserver.com/454/yWjI4.jpg"></a>
<br>
<a href='http://dl23.dinaserver.com/354952ca368118gV183954374mM8925hg17cCu454PY'>
<img src="http://dl23.dinaserver.com/454/spSES.jpg"></a>
<br>

<img src='http://dl23.dinaserver.com/354952gq368118vm183954374iv8925bG17Neo454lj' width='1px' height='1px'></img>

4 Replies

  • ChrisL
    Former Moderator
    @lcf

    Using the recipient's email address as the "from" address is a common tactic spammers use to get around filters. According to the actual headers, this particular message appears to have originated from an IPv6 address in Germany. You can try reporting this to their abuse contact for further investigation.

    https://apps.db.ripe.net/search/query.html?searchtext=2a01%3A4f8%3A140%3A6073%3A%3A2#resultsAnchor

  • kusdane
    New Contributor

    I am getting the exact same since yesterday, 12/06, which I see lcf's post was from then, as well -- thought my credentials were compromised, so I changed my password first -- but have received about 5 or 6 more so far today, and after looking at the headers, mine are also originating from this "dinaserver.com" -- isn't there a way you guys at Cox could address this?  SPF record edit?  Or report the abuse on our behalf?  Thanks

  • Hoots
    New Contributor

    I am also getting the same spam e-mails from this server with my e-mail as the sender. I just keep blocking them, 6 to 10 a day. Is there any way to correct this or stop it totally? Here is one I got today:

    Return-Path: <>
    Received: from eastrmimpi110.cox.net ([68.230.240.50])
              by eastrmfepi108.cox.net
              (InterMail vM.8.01.05.28 201-2260-151-171-20160122) with ESMTP
              id <20161207215515.GOFE1433.eastrmfepi108.cox.net@eastrmimpi110.cox.net>
              for <lbhoots@cox.net>; Wed, 7 Dec 2016 16:55:15 -0500
    Received: from mail-oi0-f104.google.com ([209.85.218.104])
        by eastrmimpi110.cox.net with cox
        id H9v91u0242Fk9o1019vDSn; Wed, 07 Dec 2016 16:55:13 -0500
    Message-Id: <H9v91u0242Fk9o1019vDSn>
    Old-Message-Id: <58488542.8471c20a.641cb.0a32SMTPIN_ADDED_MISSING@mx.google.com>
    X-CT-Score: NA
    X-Authority-Analysis: v=2.1 cv=bojsfBui c=1 sm=1 tr=0 p=IYHEEHEtzKcA:10
     p=9b43aOMbAAAA:20 p=Wec18UfVAAAA:20 p=+Hhi1dWGycZICe6+XdrcfUY/LHA=:19
     a=8psdvvVLHXKZcD0+o6SAdw==:117 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10
     a=s5jvgZ67dGcA:10 a=xqWC_Br6kY4A:10 a=n5n_aSjo0skA:10 a=ZZnuYtJkoWoA:10
     a=PnsDaZkaQFz99HYrqPoA:9 a=AdMrNgOGQGAA:10
    X-CM-Score: 100.00
    Received: by mail-oi0-f104.google.com with SMTP id v84so43375748oie.2
            for <lbhoots@cox.net>; Wed, 07 Dec 2016 13:55:14 -0800 (PST)
    X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=1e100.net; s=20130820;
            h=x-gm-message-state:message-id:mime-version:to:from:subject:date;
            bh=4LVLVlm5CMM/i/UBBPzpVUqB2OchnJLOYbGCgvONjII=;
            b=ja9fUIZzEBv//EgiLEeHkscWsdixbxSn0Yeik2+KMwyTvRUPXfuvQzT6rFXkvU6wzF
             NdsJn8QBB8jFSmIh6hhxUP/TczYpa6Kek/xXGGI1YwI/bY5kuEuY30kY/DkF7+q/3068
             m871W4cTLmNWEioFsU/Y5JU6rtoe5hrnsKbdTw3lxprqYy7geoheyKF/oCOGfnfdaUkt
             QaHObCsG2A8ROqxMIhIyVzYQ5rODHQQZfQmHW1VKUCmVQ1EfcI2jemDlufqbdbwPf3O/
             5RsMZmg5XU7KvFVSYVO1To7HBhko0N03rlV0aTGXZAoywerd8nVsIymgvW4xP9+L/ExM
             ewhg==
    X-Gm-Message-State: AKaTC037TSrByflMorL/j4uL0XfOxZuSqgDojr9krZkZt8q08AGDFSBz9lQc1UOhgu618lGYQldlMIMeY3ck3vxoeJzhMi43ZXhSKzm+BiIgQE2l
    X-Received: by 10.28.174.194 with SMTP id x185mr4518259wme.4.1481147714363;
            Wed, 07 Dec 2016 13:55:14 -0800 (PST)
    Return-Path: <>
    Received: from sizablyshot.space ([2a04:9dc0:c1:7::2])
            by smtp-relay.gmail.com with ESMTPS id iy4sm29290321wjb.3.2016.12.07.13.55.14
            for <lbhoots@cox.net>
            (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
            Wed, 07 Dec 2016 13:55:14 -0800 (PST)
    X-Relaying-Domain: parkarchcozener.com
    MIME-version: 1.0
    Content-Type: text/html;
    To: lbhoots@cox.net
    from: Getit-Free<lbhoots@cox.net>
    Subject: CONGRATS! lbhoots You Have Been Selected For FREE Nike Samples.
    Date: Wed, 7 Dec 2016 16:55:00 -0500
    X-Antispam: clean, score=89
    X-Antivirus: avast! (VPS 161207-1, 12/07/2016), Inbound message
    X-Antivirus-Status: Clean

    <center>
    <a style="display:none;">Hzs5t92FGR5J8JQ-540232755286959 I123AAKLTNUJS3 mwUMUPJk9nyS6ntz4Dj</a>
    <a href='http://dl23.dinaserver.com/355754Xs360186Xj211468994Dv5900zg17yir5239dz'>
    <img src="http://dl23.dinaserver.com/5239/hJ5Kh.jpg"></a>
    <br>
    <a href='http://dl23.dinaserver.com/355754fp360186cN211468994yg5900WY17yKu5239CI'>
    <img src="http://dl23.dinaserver.com/5239/3K8Oc.jpg"></a>
    <br>
    <img src='http://dl23.dinaserver.com/355754ld360186Mj211468994kc5900PT17zko5239Wz' width='1px' height='1px'>

  • sunnyinaz
    New Contributor

    I've received 35 of these types of messages in the last 30 days. I also thought my credentials were compromised and changed my password - they continue. 

    Some appear to be sent from me to me (like this one from today). I replaced my email address with "XXXXXXXXXX@cox.net":

    Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0010_01D2647B.0629A19C"
    Return-Path: <XXXXXXXXXX@cox.net>
    Received: from eastrmimpi112.cox.net ([68.230.240.52])
              by eastrmfepi108.cox.net
              (InterMail vM.8.01.05.28 201-2260-151-171-20160122) with ESMTP
              id <20170101200628.FHAZ1433.eastrmfepi108.cox.net@eastrmimpi112.cox.net>
              for <XXXXXXXXXX@cox.net>; Sun, 1 Jan 2017 15:06:28 -0500
    Received: from host-92-45-47-34.reverse.superonline.net ([92.45.47.34])
        by eastrmimpi112.cox.net with cox
        id T86P1u00L0kFAK80186R9u; Sun, 01 Jan 2017 15:06:28 -0500
    X-Spam-Optin: quarantine
    Message-Id: <T86P1u00L0kFAK80186R9u>
    X-CT-Score: NA
    X-Authority-Analysis: v=2.1 cv=OJaHpXuB c=1 sm=1 tr=0
     p=aAYYzDtj59iNRFt4wO0A:9 p=J_di6KqqAAAA:8 p=wOspWpjP0-OkuG9x:21
     a=40FT0btHpsSoSoGEaKkyIQ==:117 a=40FT0btHpsSoSoGEaKkyIQ==:17
     a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10
     a=r77TgQKjGQsHNAKrUKIA:9 a=tfwewdB7HFUA:10 a=dcpqONZrHQMA:10 a=yMhMjlubAAAA:8
     a=SSmOFEACAAAA:8 a=gKO2Hq4RSVkA:10 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10
     a=frz4AuCg-hUA:10 a=ReLR2ZykShONl-N8fZ8S:22 a=BKKCjISod1eDJeS0ORpz:22
     a=zjWhRoSqWz9hl55Hdlzg:22
    X-CM-Score: 100.00
    From: <XXXXXXXXXX@cox.net>
    To: <XXXXXXXXXX@cox.net>
    Subject: Speech of welcome
    Date: 1 Jan 2017 22:45:22 +0100
    Message-ID: <001301d2647b$062c188d$6a6f2f88$@cox.net>
    MIME-Version: 1.0
    X-Mailer: Microsoft Outlook 15.0
    Thread-Index: Aclfeefk3bmj2ffslfeefk3bmj2ffs==
    Content-Language: en-us

    And this is a spoof using my email address for a credit card application:

    Return-Path: <>
    Received: from eastrmimpi210.cox.net ([68.230.241.251])
              by eastrmfepi208.cox.net
              (InterMail vM.8.01.05.28 201-2260-151-171-20160122) with ESMTP
              id <20161205192418.VSTH5254.eastrmfepi208.cox.net@eastrmimpi210.cox.net>
              for <XXXXXXXXXX@cox.net>; Mon, 5 Dec 2016 14:24:18 -0500
    Received: from mail-oi0-f103.google.com ([209.85.218.103])
        by eastrmimpi210.cox.net with cox
        id GKQ01u00j2ESVTl01KQGPH; Mon, 05 Dec 2016 14:24:16 -0500
    X-Spam-Optin: quarantine
    Message-Id: <GKQ01u00j2ESVTl01KQGPH>
    Old-Message-Id: <5845bedf.96a11f0a.4b264.08d4SMTPIN_ADDED_MISSING@mx.google.com>
    X-CT-Score: NA
    X-Authority-Analysis: v=2.1 cv=UfjxMPmN c=1 sm=1 tr=0 p=Yb2e1Pm04_AA:10
     p=9b43aOMbAAAA:20 p=7Ld--86WAAAA:20 p=7XeWfdzpK01BHoOFSxXzNqiT+kc=:19
     p=+Hhi1dWGycZICe6+XdrcfUY/LHA=:19 a=iPhhZZIapVT+/b4BMl+VAg==:117
     a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=xqWC_Br6kY4A:10
     a=n5n_aSjo0skA:10 a=ZZnuYtJkoWoA:10 a=GK2i3nLR01TR9L45s9cA:9 a=glAH0wMoUocA:10
    X-CM-Score: 100.00
    Received: by mail-oi0-f103.google.com with SMTP id l192so36939688oih.3
            for <XXXXXXXXXX@cox.net>; Mon, 05 Dec 2016 11:24:16 -0800 (PST)
    X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=1e100.net; s=20130820;
            h=x-gm-message-state:message-id:mime-version:to:from:subject:date;
            bh=v4VjulCKyRF0QL0Qr6s0/zWmljkSYosLZxNq7xiLf34=;
            b=hs+9PMrT9L33SPkZ/PLN5CMbNAA5Q4ZYTQg7vDnAXM0ABIZMqAhccCJup5gbW9agmO
             emkDqxxpHlzjQPEO7rHX/C8dxT3d1h58VnX5FhNnJgNlSym4cDioNqrAwUpr7lKb+A/X
             wrHu8WFOndawU5p5RfkT8734QwjNt38nYfWagPvypHgtLjjB5wDv3kXcEGFwk74pJbHc
             jkQia53kNIkA9YdVmFme+mFWyZDxPalHsdq3Ps09QtldwYGaPZenIk0a5l+3UiFDVSQq
             XAwzsJp+ZyCrCesSTdjCLt0JO1RjYesxqi8Nr4ZpFeDY5TgyRMDXPnSfULbrmeZGiP/C
             8jng==
    X-Gm-Message-State: AKaTC02LVhwEOXLWgJXkjO4S8K2k13M3Xx2PWZSabf/RSndO39s82nbDysG2QFaVd6ru9fYu2RBFRvc1xqgieMkMvZwGf8abpoE+mX7YG5DlzeqT
    X-Received: by 10.176.83.148 with SMTP id k20mr44775162uaa.64.1480965855479;
            Mon, 05 Dec 2016 11:24:15 -0800 (PST)
    Return-Path: <>
    Received: from bookcrafter.space ([2a01:4f8:120:346d:ed74:b22b:8f27:fe22])
            by smtp-relay.gmail.com with ESMTPS id k144sm6471vke.3.2016.12.05.11.24.15
            for <XXXXXXXXXX@cox.net>
            (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
            Mon, 05 Dec 2016 11:24:15 -0800 (PST)
    X-Relaying-Domain: eyepointel.com
    MIME-version: 1.0
    Content-Type: text/html
    To: XXXXXXXXXX@cox.net
    from: =?UTF-8?Q?=49=6E=64=69=67=6F=20=50=6C=61=74=69=6E=75=6D=20=4D=61=73=74=65=72=43=61=72=64?=<XXXXXXXXXX@cox.net>
    Subject: You're Invited to Apply for a MasterCard!
    Date: Mon, 5 Dec 2016 14:21:01 -0500

    How are they able to do this? Telling us to report the abuse to the sending IP address is not much of an answer.
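
The pattern described in ChrisL's reply, a From header that copies the recipient's address while the relay chain starts on an unrelated host, can be checked mechanically from the headers. The following is an added example, not part of any post in this thread; the sample message is constructed (example.net addresses, documentation IP ranges) and `analyze` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, modelled on the header layout posted in this thread.
# Addresses use example.net and the 2001:db8::/32 documentation range.
SAMPLE = """\
Return-Path: <>
Received: from mx1.example.net ([192.0.2.31])
          by store1.example.net with ESMTP
          for <user@example.net>; Tue, 6 Dec 2016 12:26:03 -0500
Received: from relay.example.org ([198.51.100.7])
        by mx1.example.net with ESMTP; Tue, 06 Dec 2016 12:26:02 -0500
Received: from bulk-sender.example ([2001:db8:140:6073::2])
        by relay.example.org with ESMTPS
        for <user@example.net>; Tue, 06 Dec 2016 09:20:15 -0800 (PST)
To: user@example.net
from: user<user@example.net>
Subject: constructed test message

body
"""

# "from <host> (... [<ip>])" as it appears at the start of a Received value.
HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9A-Fa-f:.]+)\]\)", re.S)

def analyze(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    domain = rcpt.rpartition("@")[2]
    # Each relay prepends its Received header, so the last one that names
    # a "from" host is the earliest hop recorded in the message.
    hops = [m.groups() for h in msg.get_all("Received", [])
            for m in [HOP.search(h)] if m]
    origin_host, origin_ip = hops[-1] if hops else (None, None)
    host = (origin_host or "").rstrip(".").lower()
    inside = host == domain or host.endswith("." + domain)
    return {
        "from": sender, "to": rcpt,
        "null_return_path": msg.get("Return-Path", "").strip() == "<>",
        "origin_host": origin_host, "origin_ip": origin_ip,
        # From copies the recipient, yet the chain starts outside their domain.
        "self_addressed_spoof": bool(sender) and sender == rcpt and not inside,
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

The From header is supplied by the sending side and SMTP itself does not verify it, which is why a changed password has no effect on these messages. Only the Received lines added by your own provider's servers are reliable; anything below them was written by the sending side and can be forged.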