FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
22 Mar 2016, 11:10 PM | #1 |
Essential Contributor
Join Date: Apr 2002
Location: New York City
Posts: 241
|
Spam from myself?
How did I get a spam message from my own account? It contains a zip file (document2.zip). Scary or normal?
|
23 Mar 2016, 12:11 AM | #2 |
The "e" in e-mail
Join Date: Feb 2006
Location: EU
Posts: 4,945
|
Scary. DO NOT OPEN.
Expanded: it is, unfortunately, trivial to forge the sender address in email. A .zip file in an unexpected message from an unknown source (you didn't actually send it to yourself, did you?) usually contains a virus or other very undesirable contents. Sending it as a zip makes automatic malware detection more difficult.
Last edited by janusz : 23 Mar 2016 at 12:20 AM. |
23 Mar 2016, 02:13 AM | #3 |
Member
Join Date: Feb 2016
Posts: 47
|
Look at the Headers of the Email and find the "Received:" line - Most likely it has a different email server and IP than the one you send from. That's where DMARC comes in.
If it's the same as the one you send from, then you might have an open relay. |
23 Mar 2016, 03:50 AM | #4 |
Cornerstone of the Community
Join Date: Jun 2004
Location: Rupert, WV
Posts: 882
|
I was browsing thru my spam folder last night, and I saw a similar message (with that file, Document2.zip, attached). I looked at the raw message and the originating IP was in Mexico (and I have never been there..). It did appear to come from a Fastmail mail server though. I did intend to report the message, but I forgot. I will now probably, even though Fastmail's spam engine did catch it..
- Bruce
edit: I looked over the headers again, and I most probably mistakenly concluded the message to come from another Fastmail account.
Last edited by somdcomputerguy : 23 Mar 2016 at 04:25 AM. Reason: edit: |
23 Mar 2016, 11:10 AM | #5 |
Essential Contributor
Join Date: Apr 2002
Location: New York City
Posts: 241
|
See - I was wondering. I used to be able to view the full headers, and now I cannot. Why is that? When clicking "more details" I just get the sent from address, which is supposedly myself (#1 no I did not send this to myself, and #2 it's an alias I use for almost nothing!!)
#3 it was not identified as Spam. What happened to my ability to view full headers? Creepy spam. |
23 Mar 2016, 11:29 AM | #6 |
Cornerstone of the Community
Join Date: Jun 2004
Location: Rupert, WV
Posts: 882
|
In the new/default web interface, once an email is opened, there is a More button on the far right (in the email, next to the Reply button). There a Show Raw Message option is displayed when the button is clicked. In the classic web interface, a Show Raw Message link is shown right away, all the time.
- Bruce
Last edited by somdcomputerguy : 23 Mar 2016 at 11:34 AM. |
23 Mar 2016, 04:01 PM | #7 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,930
|
I have received four of these messages sent from/to various addresses at different domains I use since March 16, 2016. They all have the subject and attached zip file "Document 2" or "Document2". Most (but not all) have a Message-ID ending in "@BORO-SBS.boro.local". Each one I have received is from a different IP and apparently different country. This is also happening to non-FastMail accounts, and appears to be a sophisticated attack:
https://social.technet.microsoft.com...ecuremessaging
Bill |
23 Mar 2016, 07:58 PM | #8 |
Essential Contributor
Join Date: Apr 2002
Location: New York City
Posts: 241
|
Okay. I'll stop taking it personally. Thanks.
|
24 Mar 2016, 09:45 PM | #9 |
Essential Contributor
Join Date: Apr 2008
Posts: 371
|
If you're using a custom domain, setting up SPF and DMARC records in DNS for your domain may help prevent this. I also saw a couple slip through for me in the past couple of days, but they appear to have stopped again, and instead I'm seeing DMARC reports that show that they've been failing, since of course they're coming from a server that isn't authorized to send mail on behalf of my domain.
My SPF and DMARC records look like this:
SPF:
Code:
v=spf1 include:spf.messagingengine.com -all
DMARC:
Code:
v=DMARC1; p=reject; rua=mailto:myemailaddress; ruf=mailto:myemailaddress |
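
The header checks suggested in posts #3, #7 and #9, as an added example that is not part of the original thread: a Python triage of a raw message that pulls out the oldest "Received:" hop, the Message-ID domain, any zip attachment and the receiver's SPF/DKIM/DMARC verdicts. The sample message, its addresses and IPs, the presence of an Authentication-Results header and the helper name `triage` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real capture; IPs are from documentation ranges.
RAW = """\
Authentication-Results: mail.example.org; spf=fail smtp.mailfrom=example.org;
\tdkim=none; dmarc=fail header.from=example.org
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP; Wed, 23 Mar 2016 02:00:05 +0000
Received: from BORO-SBS (unknown [203.0.113.45])
\tby mx.example.net with SMTP; Wed, 23 Mar 2016 02:00:01 +0000
From: alias@example.org
To: alias@example.org
Subject: Document2
Message-ID: <0123@BORO-SBS.boro.local>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Document2.zip"

placeholder, no payload
--b1--
"""

def triage(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1].lower()
    from_dom = sender.rpartition("@")[2]
    msgid_dom = (msg["Message-ID"] or "").strip("<> ").rpartition("@")[2].lower()
    # Each hop prepends its Received header, so the last one is the oldest hop.
    hops = msg.get_all("Received", [])
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1]) if hops else []
    # Trust only the Authentication-Results header added by your own provider.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "")))
    zips = [p.get_filename() for p in msg.walk()
            if (p.get_filename() or "").lower().endswith(".zip")]
    return {"self_addressed": sender == parseaddr(msg["To"])[1].lower(),
            "msgid_domain_mismatch": msgid_dom != from_dom,
            "origin_ip": ips[0] if ips else None,
            "auth": auth, "zip_attachments": zips,
            "forged_sender_likely": "fail" in (auth.get("spf"), auth.get("dmarc"))}
```

A self-addressed message or a foreign Message-ID domain is only a hint; the SPF and DMARC verdicts are what tie the sending server to the domain in the From address.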