Cable Forum - Is This Legitimate or a Scam?

Cable Forum (https://www.cableforum.uk/board/index.php)

- Webspace, E-Mail & Browsing Issues (https://www.cableforum.uk/board/forumdisplay.php?f=80)

- - Is This Legitimate or a Scam? (https://www.cableforum.uk/board/showthread.php?t=33652790)

Re: Is This Legitimate or a Scam?

Quote:

Originally Posted by dave6x (Post 34835620)

The header below is interesting in that the detail appears to be suppressed,

Pity as at least then you'd have the originating IP would would have told you for definate if it was spam or not..

Re: Is This Legitimate or a Scam?

Quote:

Originally Posted by Kymmy (Post 34835638)

Pity as at least then you'd have the originating IP would would have told you for definate if it was spam or not..

OK, the resolution thus far!!! My version, not VM's, they will follow up next week apparently.

I was contacted by VM Security by telephone and we have had a long conversation.

The email is generated by the VM/NTL email system when an oversize message is detected. The lack of a full header in this case is due the the email being internal to the mail system. They were mystified by the inclusion of the admin@email-argos.co.uk and were investigating this.

However as I was drinking my afternoon cuppa I thought that there was something strange in that an email addy appeared in the opened email, but was not present in the message header as a "Return Path"! Subsequently I have checked my Windows Mail contacts list and there is the addy for admin@email-argos.co.uk from an email exchange I had with Argos last year!!!

It would appear that a "feature" of Windows Mail has associated the word "admin" in the "From" field in the email header with the only email address in my contacts list containing the word "admin". Deleting the address from my Contacts and sending another oversize test email resulted in the same message being sent with just the word "admin" in the "From" field and no email addy association! Microsoft strikes again!

I have contacted VM to let them know this.

Re: Is This Legitimate or a Scam?

Quote:

Originally Posted by dave6x (Post 34835715)

Nice work there sir, well spotted :)

Re: Is This Legitimate or a Scam?

Quote:

Originally Posted by dave6x (Post 34835356)

If you are suggesting this really is a scam then there is a very serious security issue with the Virginmedia/NTL mail servers as I am receiving a similar message from the same source address for every over-size test message I have sent to my Viginmedia/NTL mail accounts!!!

Maybe somebody else would like to try a similar exercise to the one I tried at Serial #5 above, i.e. send themselves an oversized message from another email account, and then report back the message they receive and the address it was sourced from? I used a googlemail account as the send addy for this.

Thanks

This is spoofing, it's very easy to do via telnet

Now, go to Start>Run>cmd then in the cmd window,

Type telnet mx1.hotmail.com 25

then HELO hotmail.com then MAIL FROM : (fake email here)

then RCPT TO: (person)then DATA then type your message,

you can press enter for a new line, finish the message by a full stop (.) on a new line, press enter!

Thats what it is! So yes, fake..

Re: Is This Legitimate or a Scam?

Quote:

Originally Posted by webcrawler2050 (Post 34835746)

Have you read post #17?

Re: Is This Legitimate or a Scam?

Thanks to all for your interest and some useful comments on this thread.

I have received just a little more information from VM on this matter to close it, relevant bits copied below:

I've received confirmation from our messaging team that the email is generated if an email is sent to your address that is over 10Mb in size, apologies for the confusion. I'll review the email more fully with our messaging team to see how it can be improved to provide more pertinent information in the future.

Thanks for bringing this to our attention.