I've been receiving some bounced emails that are spam. I'm trying to work out if I have a compromised machine or if my address is being used in the From field.
Here's that part of the header of a bounced email. (Just to be clear, this is the original email's header that was thankfully included in the body of the failed-to-send email.)
Return-path: <[email protected]>
Received: from ppp-124-120-159-22.revip2.asianet.co.th ([18.104.22.168]:59862)
    by server.myHostingCompany.com with esmtpa (Exim 4.82)
    (envelope-from <[email protected]>)
    id 1XJiZA-001Uy1-Lr; Tue, 19 Aug 2014 06:31:09 -0600
The Received IP address is Bangkok, but it's the "by server.myHostingCompany.com" that's troubling me. Why is my host's server there? I would assume that if it's merely spoofing my email address it would go from 22.214.171.124 to the recipients.
So, I'm mostly sure they're merely using my email address, but I'd like to be sure. I've contacted my hosting company, but they're being a bit slow to respond; plus I like multiple views.
Thanks for the help!
Thanks for your question, xpf610.
It's sad to say that all of the information in the header can be false.
Those that know how can send an email from virtually any email address or IP they want, at least according to the header.
To find out if there is a problem with one of your computers, set up a method of logging all TCP/IP traffic on your network. Many routers have the ability to do that; otherwise, there is software available to do that. Microsoft has a program called Microsoft Network Monitor: https://www.microsoft.com/en-us/download/details.aspx?id=4865
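
An added example, not part of either post above: a small parser for the Received line quoted in the question. It reports the connecting IP, the Exim message id, and whether the "with" keyword is one of the authenticated types registered in RFC 3848 (esmtpa, esmtpsa). It assumes the line really was written by the server named after "by"; the function names and the my_server parameter are hypothetical.

```python
import re

# Received header quoted in the question (folded as on the wire; addresses as shown on the page).
SAMPLE = (
    "Received: from ppp-124-120-159-22.revip2.asianet.co.th ([18.104.22.168]:59862)\n"
    "\tby server.myHostingCompany.com with esmtpa (Exim 4.82)\n"
    "\t(envelope-from <[email protected]>)\n"
    "\tid 1XJiZA-001Uy1-Lr; Tue, 19 Aug 2014 06:31:09 -0600"
)

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[0-9A-Fa-f.:]+)\](?::(?P<port>\d+))?\)\s+"
    r"by\s+(?P<by>\S+)\s+with\s+(?P<proto>[A-Za-z]+)"
)
ID_RE = re.compile(r"\bid\s+(?P<id>[A-Za-z0-9-]+)")

# RFC 3848 "with" keywords: the trailing "a" records that SMTP AUTH succeeded.
AUTHENTICATED = {"esmtpa", "esmtpsa"}


def parse_received(header):
    """Return the hop fields of one Received header, or None if it does not match."""
    text = " ".join(header.split())  # unfold continuation lines
    hop = HOP_RE.search(text)
    if hop is None:
        return None
    fields = hop.groupdict()
    fields["proto"] = fields["proto"].lower()
    msg_id = ID_RE.search(text, hop.end())
    fields["id"] = msg_id.group("id") if msg_id else None
    return fields


def assess(header, my_server):
    """Classify the hop. my_server is the host you trust to write honest Received lines."""
    hop = parse_received(header)
    if hop is None:
        return "unparsed", None
    if hop["by"].lower() != my_server.lower():
        return "untrusted-hop", hop  # written by some other host: may be forged
    if hop["proto"] in AUTHENTICATED:
        return "authenticated-submission", hop  # client passed SMTP AUTH on my_server
    return "unauthenticated-delivery", hop


if __name__ == "__main__":
    verdict, hop = assess(SAMPLE, "server.myHostingCompany.com")
    print(verdict, hop["ip"], hop["id"])
```

The message id returned for the hop is the value to quote when asking the hosting company to look the message up in the server's mail log.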