Email that keeps being emailed to me

[Guest]

We are in a small office and our email is hosted by a company called XO.
Everyone in our office keeps getting this same email about 10 times a day
from the same person and she is not sending the email. I checked her
computer for a virus and there is none, and her computer is updated with the
latest virus def. I have done some reading and I found something on spoofing
which I'm assuming that is what it is. However I just want to make sure that
is what it is.... I have included the email header I don't know if that will
help.

Return-Path: <[email protected]>
Received: from leviathan.cnchost.com (leviathan.cnchost.com [207.155.252.18])
by impregnable.cnchost.com (ConcentricHost(2.54) MX) with ESMTP id
D36397C30D;
Thu, 6 Apr 2006 11:29:37 -0400 (EDT)
Received: from ElenaValero (rrcs-24-213-142-237.nys.biz.rr.com
[24.213.142.237])
by leviathan.cnchost.com
id JAA11474; Wed, 5 Apr 2006 09:47:24 -0400 (EDT)
[ConcentricHost SMTP Relay 1.17]
Errors-To: <[email protected]>
Message-ID: <011d01c658b7$76081b20$0e03a8c0@ElenaValero>
Reply-To: "Elena Valero" <[email protected]>
From: "Elena Valero" <[email protected]>
To: "Tracy" <[email protected]>,
"Tamara Queary" <[email protected]>,
"Shirley" <[email protected]>,
"Ruth" <[email protected]>, "Mrs. D" <[email protected]>,
"Melanie" <[email protected]>,
"Laurie" <[email protected]>,
"Kay Sabo" <[email protected]>,
"Jessica" <[email protected]>, "Jen" <[email protected]>,
"Jade" <[email protected]>,
"Debbie" <[email protected]>,
"Brent" <[email protected]>,
"April" <[email protected]>,
"Andre" <[email protected]>
Subject: Fw: Tequila & Salt
Date: Wed, 5 Apr 2006 09:47:17 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_011A_01C65895.ECFAAB20"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-UIDL: 510

 

[Guest]

It is most probabaly a spoof email. Copy the header of this spoof email and
check for the source IP and see if it is the same ip pointing to you mail
server IP.
--
Asif Ali Ansari
Exchange Administrator
KNPC
Shuwaikh Ind Area
P O BOX 42117
(e-mail address removed)
Kuwait

 

[Guest]

Lets just say it's not a spoof email, what else could be going on?

Thanks- Andre

It is most probabaly a spoof email. Copy the header of this spoof email and
check for the source IP and see if it is the same ip pointing to you mail
server IP.
--
Asif Ali Ansari
Exchange Administrator
KNPC
Shuwaikh Ind Area
P O BOX 42117
(e-mail address removed)
Kuwait

We are in a small office and our email is hosted by a company called XO.
Everyone in our office keeps getting this same email about 10 times a day
from the same person and she is not sending the email. I checked her
computer for a virus and there is none, and her computer is updated with the
latest virus def. I have done some reading and I found something on spoofing
which I'm assuming that is what it is. However I just want to make sure that
is what it is.... I have included the email header I don't know if that will
help.

Return-Path: <[email protected]>
Received: from leviathan.cnchost.com (leviathan.cnchost.com [207.155.252.18])
by impregnable.cnchost.com (ConcentricHost(2.54) MX) with ESMTP id
D36397C30D;
Thu, 6 Apr 2006 11:29:37 -0400 (EDT)
Received: from ElenaValero (rrcs-24-213-142-237.nys.biz.rr.com
[24.213.142.237])
by leviathan.cnchost.com
id JAA11474; Wed, 5 Apr 2006 09:47:24 -0400 (EDT)
[ConcentricHost SMTP Relay 1.17]
Errors-To: <[email protected]>
Message-ID: <011d01c658b7$76081b20$0e03a8c0@ElenaValero>
Reply-To: "Elena Valero" <[email protected]>
From: "Elena Valero" <[email protected]>
To: "Tracy" <[email protected]>,
"Tamara Queary" <[email protected]>,
"Shirley" <[email protected]>,
"Ruth" <[email protected]>, "Mrs. D" <[email protected]>,
"Melanie" <[email protected]>,
"Laurie" <[email protected]>,
"Kay Sabo" <[email protected]>,
"Jessica" <[email protected]>, "Jen" <[email protected]>,
"Jade" <[email protected]>,
"Debbie" <[email protected]>,
"Brent" <[email protected]>,
"April" <[email protected]>,
"Andre" <[email protected]>
Subject: Fw: Tequila & Salt
Date: Wed, 5 Apr 2006 09:47:17 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_011A_01C65895.ECFAAB20"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-UIDL: 510

 

[Brian Tillman]

We are in a small office and our email is hosted by a company called
XO.

I sure hope that you modified all the addresses you included in your post
because if you haven't your co-workers will not thank you for giving their
addresses tio SPAMmers and virus-generators, which you always do by posting
real addresses in public newsgroups.

 

[Guest]

Dear Andre,

It would be difficult to judge anything at this stage until we minimize the
possibilities. You first make sure it is not spoof by checking the header.
Once you check the header you'll know the source IP it is coming from outside
or inside of your organization. Lets say it is not spoof and you see internal
IP as the source. It might be a virus having its own smtp server. You can
also check SMTP logs to confirm the source IP
--
Asif Ali Ansari
Exchange Administrator
KNPC
Shuwaikh Ind. Area
P O BOX 42117
(e-mail address removed)
Kuwait