Old 27th January 2017
jggimi

Spoofed, not hacked.

Knowing only that you are a Gmail customer .... let's read the Email header together.

One of Gmail's mail transfer agent servers (generically, mx.google.com) received this Email from IP address 173.193.132.134, a server that resolved to o9.shared.sendgrid.net.

Everything under that could be fake, but a quick check of blacklists at mxtools.com shows that sendgrid.net is trustworthy at this time. Let us assume the next connection shown in the headers is real. The next MTA connection was from 50.21.180.110, which resolved to webcommezrc.com.

The next received does not look correct, however. It is apparently from 65.39.215.77, but it also refers to a loopback address, and "smoothstone.net" resolves to a different IP address. Its mail servers also do not resolve to that address. This part of the message is false. Nothing below it can be trusted.

webcommezrc.com is a domain through namecheap.com, and its contacts are privacy protected. You can contact the privacy company, but then contacting the domain owner that way is less likely to be effective than reaching out to the server's ISP: 1and1.com. I recommend contacting their abuse desk for assistance.

If you do not actually have this email in your "Sent" folder, it is unlikely to have originated from your account at all; it is just a random ID plugged into some spam to cause confusion. Successfully.
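The top-down walk through the Received chain described in the post above, as an added example that is not part of the original post. The sample headers are constructed from the hosts and IP addresses the post names, and `FORWARD_DNS` is a hypothetical offline stand-in for live DNS lookups.

```python
import email
import ipaddress
import re

# Constructed sample: hosts and IPs are the ones named in the post; the header
# layout and the relay.example.invalid "by" host are made up for illustration.
SAMPLE = """\
Received: from o9.shared.sendgrid.net (o9.shared.sendgrid.net. [173.193.132.134])
 by mx.google.com with ESMTPS
Received: from webcommezrc.com (webcommezrc.com [50.21.180.110])
 by relay.example.invalid with ESMTP
Received: from smoothstone.net (localhost [127.0.0.1]) ([65.39.215.77])
 by webcommezrc.com with ESMTP
From: someone@example.invalid
Subject: constructed sample

body
"""

# Stand-in for live DNS so the example runs offline (constructed values;
# 192.0.2.10 is a documentation address, not smoothstone.net's real record).
FORWARD_DNS = {
    "o9.shared.sendgrid.net": {"173.193.132.134"},
    "webcommezrc.com": {"50.21.180.110"},
    "smoothstone.net": {"192.0.2.10"},
}

def analyse(raw, dns=FORWARD_DNS):
    """Walk Received headers newest-first; return (hops, index of first bad hop)."""
    msg = email.message_from_string(raw)
    hops, first_bad = [], None
    for i, value in enumerate(msg.get_all("Received", [])):
        m = re.match(r"\s*from\s+(\S+)", value)
        helo = m.group(1) if m else ""
        ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", value)
        problems = []
        if any(ipaddress.ip_address(ip).is_loopback for ip in ips):
            problems.append("loopback address in a relay hop")
        public = [ip for ip in ips if not ipaddress.ip_address(ip).is_loopback]
        if public and not set(public) & dns.get(helo, set()):
            problems.append("claimed host does not resolve to connecting IP")
        if problems and first_bad is None:
            first_bad = i  # this hop and everything below it is untrusted
        hops.append({"host": helo, "ips": ips, "problems": problems,
                     "trusted": first_bad is None})
    return hops, first_bad
```

Against real mail, replace the `dns` table with actual forward lookups of each claimed host; the first flagged hop marks the point below which no header can be relied on.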