Strange routing in earthlink email source



#1 ase7985

Posted 18 May 2011 - 09:27 PM

Hi - when I view "source" of an email in my earthlink account (via webmail), there are lots of strange routing references - in particular the one in the topic description. When I googled that elwamui-muscovy etc., it came up with several topics regarding spam.

Am I infected with something? I ran Norton and Malware and the computer seems clean. I'm concerned because I received an email from a legit source, but when I opened it, the "From" in the email was not my friend and it was in a different font. When I closed out and reopened it, it looked normal. That's what caused me to check the source (box on right for "other actions").

Here is more of the header from one of the emails:
==========================
Received: from timothy.mail.atl.earthlink.net ([207.69.200.66])
by mdl-pollute.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1qmMK05iH3Nl37b0; Wed, 18 May 2011 15:49:08 -0400 (EDT)
Received: from elasmtp-masked.atl.sa.earthlink.net ([209.86.89.68])
by timothy.mail.atl.earthlink.net (EarthLink SMTP Server) with ESMTP id 1qmMK048Y3Nl3pw0
for; Wed, 18 May 2011 15:49:08 -0400 (EDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=dk20050327; d=mindspring.com;
b=sH3Nh3iQ5SM6RI4TQf1YkV49Yo6CTfEJxHVM9cs5TQU+Jyn7yuHBC7jk1FOxkJwS;
h=Message-ID:Date:From:Reply-To:To:Subject:Mime-Version:Content-Transfer-Encoding:X-Mailer:Content-Type:X-ELNK-Trace:X-Originating-IP;
Received: from [209.86.224.42] (helo=elwamui-muscovy.atl.sa.earthlink.net)
by elasmtp-masked.atl.sa.earthlink.net with esmtpa (Exim 4.67)
()
id 1QMmjz-00007j-WD
Wed, 18 May 2011 15:49:08 -0400
Received: from 69.22.244.148 by webmail.earthlink.net with HTTP; Wed, 18 May 2011 15:49:07 -0400
Message-ID: <13038788.1305748148024.JavaMail.root@elwamui-muscovy.atl.sa.earthlink.net>
=================

I chatted with two different people at earthlink for about an hour - one said it looked abnormal and then we were disconnected and the one who picked up on it said everything was fine. I don't know who to believe.

Any info would be greatly appreciated.

Edited by ase7985, 19 May 2011 - 07:08 AM.



#2 cryptodan

Posted 23 May 2011 - 01:08 AM

Here is more information from Network Tools about that IP:

http://network-tools.com/default.asp?prog=dnsrec&host=209.86.224.42

It does belong to Earthlink.

All those IPs are Earthlink-owned.

What's in the body of the email?

#3 ase7985

Posted 23 May 2011 - 07:28 AM

Thanks so much. The bodies of the emails are fine. It's just that:
  • two of my earthlink email ids go through quite a few routings
  • another one of my earthlink emails has far fewer and does not have any of the .sa routings.
  • There was the one email last week where the "from" in the email temporarily displayed a different name / email address from the legit person who sent it to me, and then reverted back - which is what got me suspicious.
Is there anywhere I can read up on routing or hijacking in email - or earthlink in particular? I am concerned about losing the privacy and control in general - not to mention spreading it to my friends.

This forum is great and I appreciate everybody who works hard to keep it going.

#4 cryptodan

Posted 23 May 2011 - 01:25 PM

If you want privacy, email is not the best way to achieve such things. I would recommend using the postal mail. Mail is sent in plain text as it travels the internet. Anyone can easily intercept it. It's not uncommon for email to be processed by different systems. One system could perform virus scanning and forward it, another system could check for spam and then forward it, and another server could have the actual user inbox on it.
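
Added example, not part of the original thread: a short Python sketch that reads the Received chain from the headers posted in #1 bottom-up, which is the order the relays actually handled the message, and checks that every relay that stamped it sits under earthlink.net. The headers are re-folded from the post with the stripped "for" address left out; the function names and the `.earthlink.net` suffix check are this example's own assumptions.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received headers from post #1, re-folded (continuation lines indented)
# so a parser can read them; the stripped "for" address is omitted.
RAW = """\
Received: from timothy.mail.atl.earthlink.net ([207.69.200.66])
 by mdl-pollute.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP
 id 1qmMK05iH3Nl37b0; Wed, 18 May 2011 15:49:08 -0400 (EDT)
Received: from elasmtp-masked.atl.sa.earthlink.net ([209.86.89.68])
 by timothy.mail.atl.earthlink.net (EarthLink SMTP Server) with ESMTP
 id 1qmMK048Y3Nl3pw0; Wed, 18 May 2011 15:49:08 -0400 (EDT)
Received: from [209.86.224.42] (helo=elwamui-muscovy.atl.sa.earthlink.net)
 by elasmtp-masked.atl.sa.earthlink.net with esmtpa (Exim 4.67)
 id 1QMmjz-00007j-WD; Wed, 18 May 2011 15:49:08 -0400
Received: from 69.22.244.148 by webmail.earthlink.net with HTTP;
 Wed, 18 May 2011 15:49:07 -0400
"""

def hops(raw):
    """Return hops oldest-first: each relay prepends its own Received line."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        line = " ".join(value.split())            # unfold continuation lines
        info, _, stamp = line.rpartition(";")     # date follows the last ';'
        m = re.search(r"from (\S+).*? by (\S+)", info)
        ip = re.search(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b", info)
        out.append({"from": m.group(1), "by": m.group(2),
                    "ip": ip.group(1) if ip else None,
                    "time": parsedate_to_datetime(stamp.strip())})
    return out

def outside_provider(path, suffix=".earthlink.net"):
    """'by' hosts not under the provider's domain (assumed suffix)."""
    return [h["by"] for h in path if not h["by"].endswith(suffix)]

def time_ordered(path):
    """True if timestamps never run backwards along the path."""
    times = [h["time"] for h in path]
    return times == sorted(times)

if __name__ == "__main__":
    path = hops(RAW)
    for n, h in enumerate(path, 1):
        print(n, h["time"].isoformat(), h["ip"], h["from"], "->", h["by"])
    print("relays outside provider:", outside_provider(path))
    print("timestamps in order:", time_ordered(path))
```

Only the Received lines added by servers you trust are reliable; anything below the first trusted hop is supplied by the sending side and can say whatever it likes.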

#5 ase7985

Posted 23 May 2011 - 03:02 PM

Thanks - point taken - although I wonder about those open envelopes I get sometimes...

I very much appreciate your help.

#6 cryptodan

Posted 23 May 2011 - 03:35 PM

open envelopes, do you care to elaborate and post a screenshot?

#7 NpaMA

Posted 25 May 2011 - 05:49 AM

"open envelopes, do you care to elaborate and post a screenshot?"

I think he was just joking about this comment you made:

"If you want privacy, email is not the best way to achieve such things. I would recommend using the postal mail."

As in physical mail opened. At least that's what I got from it, lol.

#8 ase7985

Posted 26 May 2011 - 05:30 PM

Yep - just a joke. Thanks everyone.



