Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I have received an email from myself which I did not send. What is happening?


  • Please log in to reply
1 reply to this topic

#1 SCARLETSPHERE

SCARLETSPHERE

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 09 February 2017 - 11:37 PM

Below is the source of the email that had the message:

 

An attempt to transmit confidential data via email was detected.

Please ensure that no company policy has been violated

Received: from SG2PR01CA0006.apcprd01.prod.exchangelabs.com
 (2a01:111:e400:79a6::16) by HKNPR01MB0483.apcprd01.prod.exchangelabs.com
 (2a01:111:e400:1c9e::25) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.888.16 via Mailbox
 Transport; Thu, 9 Feb 2017 06:52:28 +0000
Received: from inbound.mail.protection.outlook.com (65.55.88.20) by
 SG2PR01CA0006.outlook.office365.com (10.165.9.144) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.888.16 via Frontend Transport; Thu, 9 Feb 2017 06:52:27 +0000
Received: from PU1APC01FT052.eop-APC01.prod.protection.outlook.com
 (10.152.252.60) by PU1APC01HT250.eop-APC01.prod.protection.outlook.com
 (10.152.253.173) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.874.2; Thu, 9 Feb
 2017 06:52:18 +0000
Authentication-Results: spf=softfail (sender IP is 203.117.108.53)
 smtp.mailfrom=hotmail.com; hotmail.com; dkim=none (message not signed)
 header.d=none;hotmail.com; dmarc=fail action=none header.from=hotmail.com;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
 hotmail.com discourages use of 203.117.108.53 as permitted sender)
Received: from BAY004-MC6F30.hotmail.com (10.152.252.51) by
 PU1APC01FT052.mail.protection.outlook.com (10.152.253.137) with Microsoft
 SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.874.2 via Frontend
 Transport; Thu, 9 Feb 2017 06:52:16 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:E43D10BDD0C6E58D3FB55F7311F6E26E2C4FE5D11F69584B78DA31BB057B4A05;UpperCasedChecksum:46BA1A5C0FB993DA580A1A628269AD236E2EDC9FB5C81C4DC0398BE374B19FDB;SizeAsReceived:766;Count:12
Received: from smtp.m1.com.sg ([203.117.108.53]) by BAY004-MC6F30.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143);
	 Wed, 8 Feb 2017 22:52:13 -0800
Date: Thu, 9 Feb 2017 14:52:04 +0800
To: <KAM1@hotmail.com>
From: <KAM1@hotmail.com>
Content-Type: multipart/mixed;
	boundary="------------Boundary-00=_SQH3U9A5B6PPJDU1VA40"
X-NAI-Header: Modified by McAfee Email Gateway (5000)
X-NAI-ID: 2f79_815a_c3abb4dd_c030_481a_ae9f_bd9991ff4e1cPNT:E4BFAE83-085F-457F-A8DF-B89075E2B774
Subject: NOTICE: mail delivery status
Return-Path: kam1@hotmail.com
Message-ID: <BAY004-MC6F30rPrvCW00cee733@BAY004-MC6F30.hotmail.com>
X-OriginalArrivalTime: 09 Feb 2017 06:52:13.0795 (UTC) FILETIME=[0B4A9B30:01D282A1]
X-IncomingHeaderCount: 12
X-MS-Exchange-Organization-Network-Message-Id: 6f5967d5-2aa3-44ca-7725-08d450b8305e
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
CMM-sender-ip: 203.117.108.53
CMM-sending-ip: 203.117.108.53
CMM-Authentication-Results: hotmail.com; spf=softfail (sender IP is
 203.117.108.53; identity alignment result is pass and alignment mode is
 relaxed) smtp.mailfrom=KAM1@hotmail.com; dkim=none (identity alignment
 result is pass and alignment mode is relaxed) header.d=hotmail.com;
 x-hmca=fail header.id=KAM1@hotmail.com
CMM-X-SID-PRA: KAM1@hotmail.com
CMM-X-AUTH-Result: FAIL
CMM-X-SID-Result: FAIL
CMM-X-Message-Status: n:n
CMM-X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MjtHRD0xO1NDTD0w
CMM-X-Message-Info: 11chDOWqoTmTEQjdERgV1TXGyIpSO88GHoomofjatbg5yX5PkOYP2lnFopzjduTIc9064tjrrLZ+Kkg0MFx+7r6Q38VQnHLYsK05j9cGd2V0V0wSpgnd5VCmZuNxmJVftUBC5nB5tcTamoU76hRVTdjvkaF+6MAzJ1zjpT0jUKQqH3qdgh5phdR6wQhgcWBKFC2eHMIHogmiOH6ryxiTTlb7wNOv97lcInbt48oG8Www899IUjq+Rg==
X-MS-Exchange-Organization-PCL: 2
X-Microsoft-Exchange-Diagnostics: 1;PU1APC01FT052;1:FNXi0LL8F4w6OF5KK68cEkes+NQD7QHlakzIgvBd6YnsyEdLHyuyUqY4QIqDTgOXo1hpv2EkLvaObQQk9o8MMuhfQ4DcFctzW5qAuukqR2UHy0uTdWMFR7cScYLa1BFpUp+x1G1Qn3Tu55aJOGxufg==
X-Forefront-Antispam-Report: EFV:NLI;SFV:SPM;SFS:(28900001);DIR:INB;SFP:;SCL:5;SRVR:PU1APC01HT250;H:BAY004-MC6F30.hotmail.com;FPR:;SPF:None;CAT:SPM;LANG:en;
X-MS-Office365-Filtering-Correlation-Id: 6f5967d5-2aa3-44ca-7725-08d450b8305e
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(22001)(8291500097)(8291501071);SRVR:PU1APC01HT250;
X-Microsoft-Exchange-Diagnostics: 1;PU1APC01HT250;3:te7H+NI3jr354DgHBiIoYer1CdooIyjBSb80mWV6RszWWOb03I59HLAcHqcewsTJG/okphqMD3hRKjwv8WB9m77ZSBzuZaQQo7LCQIuBc0eyX/SjcdkFcASn/CylyMrAuT9wXv/fdbG3SDkidukAT+NNEHWGCGWIekXZLMqCKpg9IFuHOitaXvisK+8fZQlzhmG/LCp6qj1L8BnBPIUHIgEdxxjjBkhOn0zNYNgeBPPNtNX37OOctAUvff57bi2hm64kiiOvmrGecakvYpqD7eTJrE/1wIGTL4a/qyY0dz7GL29AUKzPv/dM+q7kLfv9IS9a/CfO9Ib9qtEL/dPnvaNYT88v8AjpZ6SzJ5VqOZ8wtPqqUloPHouk2yGMgvWqyTLAt1MnaLAK/3s1oaLBxQ==;25:pP7dS044fHy7NSnHeGn5e/hHDKHOOs933H47MEpmHu2m7SE7jQga9xcaVCTZV3sW/4Su4hUc+mZn6oqofv4rZY1OOMo3CfddMVm5GnshyluUOxGzVTZVZdU0+gkVe4qjkl9HcCseqZ1/rbL5T/RCHtAJAkk9tzV21e/os30LxJaAzjqhXKoYgCh0/vbaNzBciPF62rOcOq8v6it3/Dro7knaEEwj4kTs8u/hd4ny3IorrMwK7J8JNtfIQZG+ky11N9Q98V1ot65tRiCsdv8gBDthbEP1sXqOtN/RfY90+Vxe9RfQYYgay+ywJRq4zKuAe0QGSOvgmjquISodX7ghjYkkkRbSgtTNWKy/JID5897h38DtWvD+cuL3jF1Jt236WjSxoa1izCuZOpCs5oJdetEOLUAv5EJ7gDau57Bs+8Pp404SqYb+swf4TQbwOD2lprDvvuFFp9/TGfK9bGsSA1NiUws3XoclynMNWRXCTA8=
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics: 1;PU1APC01HT250;31:kNZDrKVZBY5NSEU4y3gDO/L/mAsxSR029goUuoVpkWSlNtXfO3kmdPtANuTpgHRMnAEy1HnThtBElHSm6cOVADZokHXPer9wDRmIpnya8zwi8puDtEfw5o2vLHAb2lF1Dfeba7FRt4lr6IpRaDbFYXTjGfq63YVOUOiTbBToYd2FbtPDadRwyhDpltjSCDn8+IPJoLsxbDjblN94h5oa1vuA/xKmzfgxMxYG3CApfutqaYlkijHPxHjsl1O4nDpkPnDbH8wZQIssAUpghdUKTw==;4:HJPjo4R4dov2qa6Sp/frfzql05PdsSt2H6dLEdGlwIj/PUNBFtaOqsuDhMW73IsI2bfFxUN5LEnbsKsmlGJtPpfaD7JHUfIKVaE3LrYMg+uGR6hX719OvH/PayJySqsONcZ5l5GrsMldZjcUpaP3SWSFO+CxbytLvmAovcdjFI9YeaJ3aKgcc2Kofxb7IhwPIGugxu90N95XYS31BoZlJVVP/bMXzBToLPZ9wMoWGiNJt7AkMmxlpZL/eAjOATcZpjeA+4Mjmeu6vooc2ReygElYWrcm3z4EKOpEJFaZ3/qN3oLQdToSNZvUP+EUjwhi;23:YA/SBbz+TC+a/MaWZjDjmAxxYNOgzHzHbFW2IuNKy+JvM2Xr9jqp6NCi2DQhFGxhtdL9NCzIu5GuEnFiG/KK4KsNFt/Zxq4Gyn3TvGeie8CDPVD98pYRPxitaBlG1aXo/IUcFmquAPOdFZV+7DStVlsT3OJ73fQlWNpWm5bNJOm/3Gleu+JABGPyzUGisDvpYHrH8NFtF59SkHNSTnpSTg==
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(444111354)(82015046);SRVR:PU1APC01HT250;BCL:0;PCL:0;RULEID:;SRVR:PU1APC01HT250;
X-MS-Exchange-Organization-SCL: 5
X-Microsoft-Exchange-Diagnostics: 1;PU1APC01HT250;6:pJiac2VEKNl6uysp0b6Ehq+nMTIqmqlicrINFj36sReorEL+8G20dkhC3sVPFS4+TbTewtIgWImoCaa4MWg+GzKCshp9zQ9tbjzRP+Fv2O48RR9ha7qHYBfFr0SfSw85AXAGfaVARHd+RzfKHPQFnmRTJZ+wyXxvc5uMGZHVOaBSIzRUUoPnuWnhgUfGu/MQr2WnSTKUjy913QtnHdhx5JrxR2OjPnIJcHPNsosfOGEs28zqPMD+zR1a2RHM2BpbghqzssQQ+7WNm1U4EClV7VU/3nXGufFyr1paB1ZigQreGlIYPsiWAkDuWnEAwaBQKFrDX6RZsLGlnVXrDLgrW2rhQYT7KBoFRMF/tIewl1845J9L0rqx79GansuT6K9FQ4kTo4KLT5CGsfUIRiL8tdLPLS77Wjn/zqCfdn8YA4SPqDtk2ikNwAb1tETk8pmg7+woyNrK9YyUtAekcnSEqAIBB4W1/bXhiRp5OJh79vbtFUdETmaFFx7B0a9se4qj;5:VevLfr6Wws2ddGH7rafZQLD+0QlyWSpJVLTONckI4p4eACW0zvI+et5cYVhxU3QIPcpZtq7XVXFRnHXFR5I7Kopfxzxv6yVs2oS1c+JcU0Gjz+WRLg6NWh1J160TQNznQSK31xHyv29b2e9JlDVA+w==;24:cSBDDQQMWFIkfHJYx3oPaiQkDpzYNrR9mfzROjpqH44f659gKRD94/7JrqKe/z4i4YH4GYef8JuyHCVyq6GpVQ==
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: Default
X-Microsoft-Exchange-Diagnostics: 1;PU1APC01HT250;7:GI/YNWFbRoyKxY0QVcnIsvPEdwxn6oG/5BUhL25Iw9hUPrSl3GxCmMMLP068DHD96E75rPbhQApWs+UztWhQ/dfBnnhbUqAnxLtFovq7O0zNqnlZBocL5dMhbKvUsm2Qw8xs30eEu3QM3R3+7wS1/Fm3OlDtLRO1g3Nbms0rnzC2jO4TJitUoat/ZKEeoP7rrmqLXDJWf+Sknj6R1wFkaA0YziqGzLQlk9cYZB/yH+tfHd81wKDetZlNlJkuDHLeO/ToGyLJWZiqB8EbVHvFB4a1tsnZ3iBXf+r08VXUoL33wfL0+jZyiuepAOKAq7WZzszNKcTrrAwa31AUCeaH8tKHAzApWpDsqQ0xezq+FoTStXdD+xaWCDfTwpJZUIl78aCylu7mS7guaUnbcohJQs/pb40mM2wZRx6nQfNNOj3682Lec1fc2xCPPhGKPVW+KKIQNjR/AOgqLO57uAoEWt6I2IXpSxtizSaZGenb9+r7v99YZrF83jv976hqqyeJx9CT2tsnNV7HoCyMqZHb4XRcjXUjz1KPBz+iAB/2gipKwXiS5uwlL+ZVozoaUhLRp5ixVqK9L3iSWUD9PqAdwWIEwbpR6ZFlHIrWEbkGe5Hn2YBPdnslwpYtTLmYgzlBdaCVNNp9j0NsTs16i0U/bA==
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2017 06:52:16.4283
 (UTC)
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PU1APC01HT250
X-MS-Exchange-Organization-AuthSource: PU1APC01FT052.eop-APC01.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-OriginatorOrg: hotmail.com
X-MS-Exchange-Transport-EndToEndLatency: 00:00:11.8067612
X-Microsoft-Exchange-Diagnostics:
	1;HKNPR01MB0483;27:XOAEMJ/sQzYeYQG6d71dgXnIr1WW9FWPOG/YbXU/pOXDCJhild8T4G+IGfb0WeyTLFhmaEBQxxoepGOz8HjaFcxoqMR8WQjCjPQh6lr683M4ohc8gX0xQ0iHKdn+NMwyRREEImNdLtS9GCFMqC9uOw==
X-Microsoft-Antispam-Mailbox-Delivery:
	iwl:0;ijl:0;dkl:0;rwl:0;ex:0;auth:0;dest:J;WIMS-SenderIP:203.117.108.53;WIMS-SPF:hotmail%2ecom;WIMS-DKIM:hotmail%2ecom;WIMS-822:kam1%40hotmail%2ecom;WIMS-PRA:kam1%40hotmail%2ecom;WIMS-AUTH:FAIL;ENG:(102400140)(102420017);RF:JunkEmail;OFR:SpamFilterAuthJ;
MIME-Version: 1.0

--------------Boundary-00=_SQH3U9A5B6PPJDU1VA40
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Microsoft-Exchange-Diagnostics:
	1;HKNPR01MB0483;27:XOAEMJ/sQzYeYQG6d71dgXnIr1WW9FWPOG/YbXU/pOXDCJhild8T4G+IGfb0WeyTLFhmaEBQxxoepGOz8HjaFcxoqMR8WQjCjPQh6lr683M4ohc8gX0xQ0iHKdn+NMwyRREEImNdLtS9GCFMqC9uOw==
X-Microsoft-Antispam-Mailbox-Delivery:
	iwl:0;ijl:0;dkl:0;rwl:0;ex:0;auth:0;dest:J;WIMS-SenderIP:203.117.108.53;WIMS-SPF:hotmail%2ecom;WIMS-DKIM:hotmail%2ecom;WIMS-822:kam1%40hotmail%2ecom;WIMS-PRA:kam1%40hotmail%2ecom;WIMS-AUTH:FAIL;ENG:(102400140)(102420017);RF:JunkEmail;OFR:SpamFilterAuthJ;

An attempt to transmit confidential data via email was detected.

Please ensure that no company policy has been violated
--------------Boundary-00=_SQH3U9A5B6PPJDU1VA40--



BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 PM

Posted 10 February 2017 - 06:24 AM

The IP address is from a large telco in SIngapore: Received: from smtp.m1.com.sg ([203.117.108.53])

 

Does that ring a bell?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users