I've been receiving some bounced emails that are spam. I'm trying to work out if I have a compromised machine or if my address is being used in the From field.
Here's that part of the header of a bounced email. (Just to be clear, this is the original email's header that was thankfully included in the body of the failed-to-send email.)
[CODE]Received: from ppp-124-120-159-22.revip2.asianet.co.th ([22.214.171.124]:59862)
    by server.myHostingCompany.com with esmtpa (Exim 4.82)
    id 1XJiZA-001Uy1-Lr; Tue, 19 Aug 2014 06:31:09 -0600[/CODE]
The Received IP address is Bangkok, but it's the "by server.myHostingCompany.com" that's troubling me. Why is my host's server there? I would assume that if it's merely spoofing my email address it would go from 126.96.36.199 to the recipients.
So, I'm mostly sure they're merely using my email address, but I'd like to be sure. I've contacted my hosting company, but they're being a bit slow to respond; plus I like multiple views.
Thanks for the help!
Thanks for your question, xpf610.
It's sad to say that all of the information in the header can be false.
Those that know how can send an email from virtually any email address or IP they want, at least according to the header.
To find out if there is a problem with one of your computers, set up a method of logging all TCP/IP traffic on your network. Many routers have the ability to do that; otherwise, there is software available to do that. Microsoft has a program called [URL="https://www.microsoft.com/en-us/download/details.aspx?id=4865"]Microsoft Network Monitor[/URL].
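An added example, not written by either poster: a small parser for the Exim-style Received line quoted in the question, which reports the `with` protocol of the hop. Under RFC 3848, `esmtpa` means ESMTP with SMTP AUTH, so a hop stamped that way by a server you use records a client that logged in; the function names and the `my_servers` list are hypothetical.

```python
import re

# Received header quoted in the question (values exactly as they appear on the page).
SAMPLE = (
    "Received: from ppp-124-120-159-22.revip2.asianet.co.th ([22.214.171.124]:59862)\n"
    "\tby server.myHostingCompany.com with esmtpa (Exim 4.82)\n"
    "\tid 1XJiZA-001Uy1-Lr; Tue, 19 Aug 2014 06:31:09 -0600"
)

# RFC 3848 "with" keywords ending in A: the client authenticated with SMTP AUTH.
AUTH_PROTOCOLS = {"esmtpa", "esmtpsa", "lmtpa", "lmtpsa"}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[0-9A-Fa-f.:]+)\](?::(?P<port>\d+))?\)\s+"
    r"by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)"
    r"(?:\s+\((?P<mta>[^)]*)\))?"
    r"(?:\s+id\s+(?P<id>[^\s;]+))?\s*;\s*(?P<date>.+)$"
)

def parse_received(header):
    """Parse one Exim-style Received header into a dict, or return None."""
    # Join continuation lines; pasted copies often lose the leading whitespace.
    value = re.sub(r"\s*\n\s*", " ", header.strip())
    value = re.sub(r"^Received:\s*", "", value, flags=re.I)
    m = RECEIVED_RE.search(value)
    if not m:
        return None
    hop = m.groupdict()
    hop["authenticated"] = hop["proto"].lower() in AUTH_PROTOCOLS
    return hop

def assess(hop, my_servers):
    """Say what this hop shows, given the servers the mailbox owner uses."""
    ours = hop["by"].lower() in {s.lower() for s in my_servers}
    if ours and hop["authenticated"]:
        return "authenticated submission to own server: review account credentials"
    if ours:
        return "unauthenticated delivery to own server"
    return "hop recorded by a third-party server: cannot be verified from here"

if __name__ == "__main__":
    hop = parse_received(SAMPLE)
    print(hop)
    print(assess(hop, ["server.myHostingCompany.com"]))
```

The hosting company's own Exim logs for the message id are the authoritative record of which account, if any, authenticated for that message.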