[kwlug-disc] Email received with no email address in the to: line

Khalid Baheyeldin kb at 2bits.com
Mon Apr 10 16:55:25 EDT 2017


I went cross-eyed trying to read the headers (Google changed the 'Original'
from plain text in the past to HTML now, and hence the headers are not
separated by new lines).

The fact that the To: header does not have an email address may not be an
issue at all.

See this for example:

https://sites.google.com/a/stcharlessd.org/technology-for-you/stuff-of-interest/googlemail-sendingemailtoundisclosedrecipients

It could very well be a genuine message, but perhaps there is a
mis-spelling on the email address by one or to characters which happens to
be your email address.

Try to contact them and ask if this is the case.

On Mon, Apr 10, 2017 at 4:44 PM, Chamunks <chamunks at gmail.com> wrote:

> I tried finding something like that but couldn't remember what to look
> for.   Found it and I'm including a sanitized paste of the original email
> content. Although it doesn't look like this is my fault it looks like it's
> on Google. I just don't want to be leaking spam.
>
> Delivered-To: REDACTED at gmail.com Received: by 10.182.177.4 with SMTP id
> cm4csp425740obc; Mon, 10 Apr 2017 07:46:07 -0700 (PDT) X-Received: by
> 10.107.5.139 with SMTP id 133mr53006106iof.107.1491835567672; Mon, 10 Apr
> 2017 07:46:07 -0700 (PDT) Return-Path: <powerschool at hccsc.k12.in.us>
> Received: from astaro.hccsc.k12.in.us (mail.hccsc.k12.in.us.
> [165.139.22.133]) by mx.google.com with ESMTPS id
> b17si14505692iob.27.2017.04.10.07.46.07 for <REDACTED at gmail.com>
> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 10
> Apr 2017 07:46:07 -0700 (PDT) Received-SPF: pass (google.com: domain of
> powerschool at hccsc.k12.in.us designates 165.139.22.133 as permitted
> sender) client-ip=165.139.22.133; Authentication-Results: mx.google.com;
> spf=pass (google.com: domain of powerschool at hccsc.k12.in.us designates
> 165.139.22.133 as permitted sender) smtp.mailfrom=powerschool@
> hccsc.k12.in.us Received: from [172.28.2.9] (port=41438 helo=
> V1-EXCH-01.hccsc.k12.in.us) by astaro.hccsc.k12.in.us with esmtps
> (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.82_1-5b7a7c0-XX) (envelope-from <
> powerschool at hccsc.k12.in.us>) id 1cxaZw-0000JA-2h for REDACTED at gmail.com;
> Mon, 10 Apr 2017 10:46:04 -0400 Received: from 172.28.2.2 (172.28.2.2) by
> V1-EXCH-01.hccsc.k12.in.us (172.28.2.9) with Microsoft SMTP Server id
> 14.3.319.2; Mon, 10 Apr 2017 10:46:03 -0400 Date: Mon, 10 Apr 2017 14:46:01
> +0000 Subject: Your PowerSchool Parent account information has changed.
> From: <powerschool at hccsc.k12.in.us> Content-Type: text/plain;
> charset="UTF-8" MIME-Version: 1.0 Message-ID: <9f22a1e8-a73e-44a6-9b78-
> cc932ed4ab75 at V1-EXCH-01.hccsc.k12.in.us> To: Undisclosed recipients:;
> Return-Path: powerschool at hccsc.k12.in.us You have received this
> notification because the following information for your PowerSchool Parent
> account has changed: Student: Jason Blake was removed The change was made
> on 04/10/2017 at 10:45 AM. If the changes described above are accurate, no
> further action is needed. If anything does not look right, contact your
> school directly.
>
> On Mon, Apr 10, 2017, 4:32 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
>
>> Did you check the headers?
>>
>> It is under 'Show Original' from the drop down arrow on the right of the
>> message.
>>
>>
>> On Mon, Apr 10, 2017 at 4:26 PM, Chamunks <chamunks at gmail.com> wrote:
>>
>> Sorry about the double post... Touch screens are too sensitive and I hit
>> send while switching hands.
>>
>> Cont'd...  I'm guessing that someone's found a way to send strange emails
>> to all of my servers users or something.  There's really not much
>> information in the Gmail ui anymore.  They seem to be really trying to make
>> it tough for people who care about the details lately.  ( Like in chrome
>> you have to dig real deep into the inspector to read tls cert info.)
>>
>> On Mon, Apr 10, 2017, 4:22 PM Chamunks <chamunks at gmail.com> wrote:
>>
>> I'm wondering and if anyone else has had this before. The only reason I
>> can think is that Gmail fetched an email from my new email server I setup
>> using https://poste.io which is a docker runnable complete email
>> solution with a proprietary panel on top of Foss software beneath it.
>>
>>
>> _______________________________________________
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>
>>
>>
>>
>> --
>> Khalid M. Baheyeldin
>> 2bits.com, Inc.
>> Fast Reliable Drupal
>> Drupal optimization, development, customization and consulting.
>> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
>> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
>> For every complex problem, there is an answer that is clear, simple, and
>> wrong." -- H.L. Mencken
>> _______________________________________________
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>
>


-- 
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20170410/7e16093e/attachment.htm>


More information about the kwlug-disc mailing list