mmainprize
join:2001-12-06
Houghton Lake, MI

mmainprize to NormanS


Re: DynDNS Hacked?

said by NormanS:
SMTP doesn't require the "Receipt-To:" email address to be stamped in the headers. Most email services do not, but some do. Yahoo! Mail is one which does. From a test:

Once the email has been placed in the mailbox, the "Receipt-To" data is no longer needed, so it is normally discarded.

That's interesting. The only e-mails like those I get are in my Hotmail inbox (I get those in Outlook; I don't use the web interface).
So did that e-mail you sent with a wild-card in the address work, or was it rejected as an invalid address?

I do not know how they do it, but I get e-mails with one or more addresses in the To: line, but it is not my address listed. Like you stated, it doesn't have to be there or was removed, and maybe it is a blind copy of some sort.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P


said by mmainprize:

That's interesting. The only e-mails like those I get are in my Hotmail inbox (I get those in Outlook; I don't use the web interface).
So did that e-mail you sent with a wild-card in the address work, or was it rejected as an invalid address?

I did not use a 'wildcard' in the send. TTBMK, the '*' is not a valid symbol for an SMTP transaction. Perhaps I should just have used a line of dots? I just wanted to redact the complete user name to avoid some spammer scraping the email addresses. The two user names in the example share a common initial letter, but are otherwise different; as, 'xact', and, 'xtra'.

I do not know how they do it, but I get e-mails with one or more addresses in the To: line, but it is not my address listed. Like you stated, it doesn't have to be there or was removed, and maybe it is a blind copy of some sort.

Indeed, it is. The spammer has suppressed the list of recipients. Yahoo! Mail, and I believe the German service GMX Mail include the actual RCPT email addresses; most others do not.

But SMTP is very "literal"; if an email is delivered to your mailbox, the SMTP "RCPT TO:" command included that mailbox email address.

Archi
@superkabel.de

Anon

+1 on that. I am getting spam on my dyndns@mailhell.[...].[...] mail alias. The domain has a catch-all defined, but I only get spam on aliases I used online, so we can be close to 100% sure there was a breach of some kind. I noticed this just today as the USPS spam made it past SpamAssassin into my inbox, but there might be more spam in my Junkbox since a week ago (e.g. since the first report here).

On second thought, maybe an attacker used an exploit on home routers and got our dyndns passwords from there. Those could be used to get the email address.
But I think that's rather improbable - there are more lucrative things one can do when messing around with routers than selling the email addresses for a few cents.

Sebastian


NormanS to mmainprize

said by mmainprize:

I do not know how they do it, but I get e-mails with one or more addresses in the To: line, but it is not my address listed. Like you stated, it doesn't have to be there or was removed, and maybe it is a blind copy of some sort.

It is too late to edit my post, but add Google Mail to the list of very few providers including the "SMTP Envelope Recipient" (RCPT TO:) email address in the headers.

Yahoo Mail:
X-Apparently-To: %me%@yahoo.com via 98.138.213.251; Thu, 01 Nov 2012 10:39:36 -0700
 

Google Mail:
Delivered-To: %me%@gmail.com
 

GMX Mail (.com is English, .net ist Deutsch; both have the same header stamp):
Delivered-To: GMX delivery to %me%@gmx.com
...
Delivered-To: GMX delivery to %me%@gmx.net
 

None of my other ESPs do this. If your ESP doesn't so stamp their email headers, you might request it. However, given the nature of SMTP, if it is in your mailbox, there was an SMTP "RCPT TO: <%your_email_address%>" command. SMTP servers don't "guess", they are as literal as any computer.
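Added example, not part of any post in this thread: a Python sketch that reads the provider-stamped envelope headers quoted above (Delivered-To, X-Apparently-To), compares them with the visible To:/Cc: lines, and, for a catch-all domain, reports which per-service alias the message was actually addressed to. The function names, the `catch_all_domain` parameter and the sample message with its example.* domains are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Headers the thread names as carrying the SMTP envelope recipient (RCPT TO:).
ENVELOPE_HEADERS = ("Delivered-To", "X-Apparently-To")
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def envelope_recipients(msg):
    """Addresses stamped by the receiving provider, lower-cased, in header order."""
    found = []
    for name in ENVELOPE_HEADERS:
        for value in msg.get_all(name, []):
            # Copes with "GMX delivery to user@gmx.com" and "user@yahoo.com via <ip>; <date>".
            for addr in ADDR_RE.findall(value):
                if addr.lower() not in found:
                    found.append(addr.lower())
    return found

def visible_recipients(msg):
    """Addresses shown in To:/Cc:, which the sender controls and may suppress."""
    values = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def analyse(raw, catch_all_domain=None):
    """Report envelope recipients, those hidden from To:/Cc:, and catch-all aliases hit."""
    msg = message_from_string(raw)
    env = envelope_recipients(msg)
    shown = visible_recipients(msg)
    hidden = [a for a in env if a not in shown]
    # On a catch-all domain the local part names the service the alias was given to.
    aliases = [a.split("@")[0] for a in env
               if catch_all_domain and a.endswith("@" + catch_all_domain.lower())]
    return {"envelope": env, "hidden": hidden, "leaked_aliases": aliases}

# Constructed sample: spam whose To: line lists someone else (placeholder domains).
SAMPLE = """\
Delivered-To: dyndns@mail.example.org
Received: from mx.example.net by mail.example.org; Thu, 01 Nov 2012 10:39:36 -0700
From: "USPS" <notice@example.net>
To: someone.else@example.com
Subject: Delivery notice

body
"""

if __name__ == "__main__":
    print(analyse(SAMPLE, catch_all_domain="mail.example.org"))
```

If the provider stamps neither header, `envelope` comes back empty and the recipient has to be taken from the receiving server's own SMTP logs instead.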