[kwlug-disc] Email received with no email address in the to: line
Chamunks
chamunks at gmail.com
Thu Apr 13 13:30:47 EDT 2017
I sent an email but there was an automatic rejection response, so I just
trashed it and figured that it'll not be a problem.
On Mon, Apr 10, 2017 at 5:29 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
> Agree that managing your email infrastructure is a very daunting task.
>
> But back to the email message:
>
> Here are the headers, the best I could decipher them:
>
> ===
>
> Delivered-To: REDACTED at gmail.com
> Received: by 10.182.177.4 with SMTP id
> cm4csp425740obc; Mon, 10 Apr 2017 07:46:07 -0700 (PDT)
> X-Received: by 10.107.5.139 with SMTP id
> 133mr53006106iof.107.1491835567672; Mon, 10 Apr 2017 07:46:07 -0700 (PDT)
> Return-Path: <powerschool at hccsc.k12.in.us>
> Received: from astaro.hccsc.k12.in.us (mail.hccsc.k12.in.us.
> [165.139.22.133]) by mx.google.com with ESMTPS id
> b17si14505692iob.27.2017.04.10.07.46.07 for <REDACTED at gmail.com>
> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 10
> Apr 2017 07:46:07 -0700 (PDT)
> Received-SPF: pass (google.com: domain of powerschool at hccsc.k12.in.us
> designates 165.139.22.133 as permitted sender) client-ip=165.139.22.133;
> Authentication-Results: mx.google.com; spf=pass (google.com: domain of
> powerschool at hccsc.k12.in.us designates 165.139.22.133 as permitted
> sender) smtp.mailfrom=powerschool at hccsc.k12.in.us
> Received: from [172.28.2.9] (port=41438 helo=V1-EXCH-01.hccsc.k12.in.us)
> by astaro.hccsc.k12.in.us with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
> (Exim 4.82_1-5b7a7c0-XX) (envelope-from <powerschool at hccsc.k12.in.us>) id
> 1cxaZw-0000JA-2h for REDACTED at gmail.com; Mon, 10 Apr 2017 10:46:04 -0400
> Received: from 172.28.2.2 (172.28.2.2) by V1-EXCH-01.hccsc.k12.in.us
> (172.28.2.9) with Microsoft SMTP Server id 14.3.319.2; Mon, 10 Apr 2017
> 10:46:03 -0400
> Date: Mon, 10 Apr 2017 14:46:01 +0000
> Subject: Your PowerSchool Parent account information has changed.
> From: <powerschool at hccsc.k12.in.us>
> Content-Type: text/plain; charset="UTF-8"
> MIME-Version: 1.0
> Message-ID: <
> 9f22a1e8-a73e-44a6-9b78-cc932ed4ab75 at V1-EXCH-01.hccsc.k12.in.us>
> To: Undisclosed recipients:;
> Return-Path: powerschool at hccsc.k12.in.us
>
> You have received this notification because the following information for
> your PowerSchool Parent account has changed:
> Student: Jason Blake was removed
> The change was made on 04/10/2017 at 10:45 AM.
> If the changes described above are accurate, no further action is needed.
> If anything does not look right, contact your school directly.
> ===
> Ancient or not, it may be a one or two letter typo that made it end up in
> your inbox.
>
> There is this in the headers:
>
> From: <powerschool at hccsc.k12.in.us>
>
> And it is in the return path as well.
>
> So perhaps try emailing that from the ancient address, and ask for
> investigation/removal.
>
> All this does not have any sign of spam so far.
>
> On Mon, Apr 10, 2017 at 5:04 PM, Chamunks <chamunks at gmail.com> wrote:
>
> The email they contacted is ancient, from 2005 Gmail private beta. It gets
> copious amounts of spam. I just don't see any real website affiliated with
> PowerSchool or anything like that contained in the email.
>
> Yeah the header was a terrible mess. I should have tried to clean it up a
> bit aside from just redacting my email from it.
>
> I just wish that people would read about all the reasons not to run your
> own email server before they started. It's upsetting how complex it is.
> This is why I jumped on https://Poste.io
>
> On Mon, Apr 10, 2017, 4:57 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
>
> I went cross-eyed trying to read the headers (Google changed the
> 'Original' from plain text in the past to HTML now, and hence the headers
> are not separated by new lines).
>
> The fact that the To: header does not have an email address may not be an
> issue at all.
>
> See this for example:
>
>
> https://sites.google.com/a/stcharlessd.org/technology-for-you/stuff-of-interest/googlemail-sendingemailtoundisclosedrecipients
>
> It could very well be a genuine message, but perhaps there is a
> misspelling in the email address by one or two characters which happens to
> be your email address.
>
> Try to contact them and ask if this is the case.
>
> On Mon, Apr 10, 2017 at 4:44 PM, Chamunks <chamunks at gmail.com> wrote:
>
> I tried finding something like that but couldn't remember what to look
> for. Found it and I'm including a sanitized paste of the original email
> content. Although it doesn't look like this is my fault it looks like it's
> on Google. I just don't want to be leaking spam.
>
> Delivered-To: REDACTED at gmail.com Received: by 10.182.177.4 with SMTP id
> cm4csp425740obc; Mon, 10 Apr 2017 07:46:07 -0700 (PDT) X-Received: by
> 10.107.5.139 with SMTP id 133mr53006106iof.107.1491835567672; Mon, 10 Apr
> 2017 07:46:07 -0700 (PDT) Return-Path: <powerschool at hccsc.k12.in.us>
> Received: from astaro.hccsc.k12.in.us (mail.hccsc.k12.in.us.
> [165.139.22.133]) by mx.google.com with ESMTPS id
> b17si14505692iob.27.2017.04.10.07.46.07 for <REDACTED at gmail.com>
> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 10
> Apr 2017 07:46:07 -0700 (PDT) Received-SPF: pass (google.com: domain of
> powerschool at hccsc.k12.in.us designates 165.139.22.133 as permitted
> sender) client-ip=165.139.22.133; Authentication-Results: mx.google.com;
> spf=pass (google.com: domain of powerschool at hccsc.k12.in.us designates
> 165.139.22.133 as permitted sender) smtp.mailfrom=
> powerschool at hccsc.k12.in.us Received: from [172.28.2.9] (port=41438 helo=
> V1-EXCH-01.hccsc.k12.in.us) by astaro.hccsc.k12.in.us with esmtps
> (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.82_1-5b7a7c0-XX) (envelope-from <
> powerschool at hccsc.k12.in.us>) id 1cxaZw-0000JA-2h for REDACTED at gmail.com;
> Mon, 10 Apr 2017 10:46:04 -0400 Received: from 172.28.2.2 (172.28.2.2) by
> V1-EXCH-01.hccsc.k12.in.us (172.28.2.9) with Microsoft SMTP Server id
> 14.3.319.2; Mon, 10 Apr 2017 10:46:03 -0400 Date: Mon, 10 Apr 2017 14:46:01
> +0000 Subject: Your PowerSchool Parent account information has changed.
> From: <powerschool at hccsc.k12.in.us> Content-Type: text/plain;
> charset="UTF-8" MIME-Version: 1.0 Message-ID: <
> 9f22a1e8-a73e-44a6-9b78-cc932ed4ab75 at V1-EXCH-01.hccsc.k12.in.us> To:
> Undisclosed recipients:; Return-Path: powerschool at hccsc.k12.in.us You
> have received this notification because the following information for your
> PowerSchool Parent account has changed: Student: Jason Blake was removed
> The change was made on 04/10/2017 at 10:45 AM. If the changes described
> above are accurate, no further action is needed. If anything does not look
> right, contact your school directly.
>
> On Mon, Apr 10, 2017, 4:32 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
>
> Did you check the headers?
>
> It is under 'Show Original' from the drop down arrow on the right of the
> message.
>
>
> On Mon, Apr 10, 2017 at 4:26 PM, Chamunks <chamunks at gmail.com> wrote:
>
> Sorry about the double post... Touch screens are too sensitive and I hit
> send while switching hands.
>
> Cont'd... I'm guessing that someone's found a way to send strange emails
> to all of my server's users or something. There's really not much
> information in the Gmail UI anymore. They seem to be really trying to make
> it tough for people who care about the details lately. (Like in Chrome
> you have to dig real deep into the inspector to read TLS cert info.)
>
> On Mon, Apr 10, 2017, 4:22 PM Chamunks <chamunks at gmail.com> wrote:
>
> I'm wondering if anyone else has had this before. The only reason I
> can think of is that Gmail fetched an email from my new email server I set up
> using https://poste.io which is a Docker-runnable complete email solution
> with a proprietary panel on top of FOSS software beneath it.
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
>
>
> --
> Khalid M. Baheyeldin
> 2bits.com, Inc.
> Fast Reliable Drupal
> Drupal optimization, development, customization and consulting.
> Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra
> Simplicity is the ultimate sophistication. -- Leonardo da Vinci
> For every complex problem, there is an answer that is clear, simple, and
> wrong." -- H.L. Mencken
>
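The header-reading step discussed in this thread (a "Show Original" paste with every field run together on one line), as an added example that is not part of any poster's message: it re-splits such a dump into fields, lists the relay path from the `Received:` lines, and reports the SPF verdict and whether `To:` names any real address. The function names are hypothetical, and the sample is constructed: abridged from the paste above with mailbox addresses replaced by example.org placeholders.

```python
import re
from email.utils import getaddresses

# Field names to re-split on; extend the list for other mail (assumption).
FIELDS = ["Delivered-To", "X-Received", "Received-SPF", "Received", "Return-Path",
          "Authentication-Results", "Date", "Subject", "From", "To",
          "Content-Type", "MIME-Version", "Message-ID"]
SPLIT = re.compile(r"(?<![\w-])(" + "|".join(FIELDS) + r"):\s*")
HOP = re.compile(r"(?:\bfrom\s+(?P<src>\S+).*?)?\bby\s+(?P<by>\S+)")

def unflatten(blob):
    """Split a one-line header dump back into ordered (name, value) pairs."""
    parts = SPLIT.split(" ".join(blob.split()))  # ['', name, value, name, value, ...]
    return [(parts[i], parts[i + 1].strip()) for i in range(1, len(parts) - 1, 2)]

def relay_path(headers):
    """Received hops as (from, by), oldest first; each relay prepends its own."""
    hops = [HOP.search(v) for n, v in headers if n == "Received"]
    return [(m.group("src") or "-", m.group("by")) for m in reversed(hops) if m]

def spf_verdict(headers):
    """SPF result recorded by the receiving server, or None if absent."""
    auth = " ".join(v for n, v in headers if n == "Authentication-Results")
    m = re.search(r"\bspf=(\w+)", auth)
    return m.group(1) if m else None

def to_addresses(headers):
    """Real addresses in To:; an empty group such as 'Undisclosed recipients:;' has none."""
    return [a for _, a in getaddresses([dict(headers).get("To", "")]) if "@" in a]

# Constructed sample (abridged from the thread's paste, placeholder mailboxes).
SAMPLE = (
    "Delivered-To: user@example.org Received: by 10.182.177.4 with SMTP id "
    "cm4csp425740obc; Mon, 10 Apr 2017 07:46:07 -0700 (PDT) X-Received: by "
    "10.107.5.139 with SMTP id 133mr53006106iof.107.1491835567672; Mon, 10 Apr "
    "2017 07:46:07 -0700 (PDT) Received: from astaro.hccsc.k12.in.us "
    "(mail.hccsc.k12.in.us. [165.139.22.133]) by mx.google.com with ESMTPS; "
    "Mon, 10 Apr 2017 07:46:07 -0700 (PDT) Authentication-Results: "
    "mx.google.com; spf=pass smtp.mailfrom=sender@example.org Received: from "
    "[172.28.2.9] (helo=V1-EXCH-01.hccsc.k12.in.us) by astaro.hccsc.k12.in.us "
    "with esmtps; Mon, 10 Apr 2017 10:46:04 -0400 Subject: Your PowerSchool "
    "Parent account information has changed. To: Undisclosed recipients:;"
)

if __name__ == "__main__":
    hdrs = unflatten(SAMPLE)
    for src, by in relay_path(hdrs):
        print(f"{src} -> {by}")
    print("spf:", spf_verdict(hdrs), "| To addresses:", to_addresses(hdrs))
```

An empty `To:` list alongside a populated `Delivered-To:` means the recipient was given only in the SMTP envelope (a Bcc-style send), which matches the thread's reading that the missing address is not in itself a spam indicator.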