Security → Danger? What EXACTLY does the following mean.

rr.com is nothing to fear really. TWC was for at least a decade called Road Runner, It only changed when TWC was spun off of the main company Time Warner because once spun off they would have to license the Road Runner.(as it was named after the cartoon bird and not the real species of bird with the same name.)

Thanks to all for your quick response and providing the information on what happen in why due to email transactions or exchanging.

I was a little paranoid simply because on my backup or secondary computer that runs Windows I had been just infected a couple of days ago with two Java Exploits that potentially were really nasty. I caught and thoroughly purged or deleted them from the entire system.

I only recently have had contact with Time Warner Internet Cable Internet access. I was not familiar with their relationship or linkage with the Road Runner domain.

Fortunately, as you can see from subsequent posts by me I was able to research from the entry tag on the email that alarmed me that it was a result of the domain socal.rr.com and that was a domain owned and used by Time Warner who still use the Road
Runner domain designation for their email service.

My Windows machine is Win7 64, which IMO is easily MS's best OS ever. I've run Windows OS exclusively since 1994. Used them all which is why I praise Win7.

However, a couple of years ago I got a Mac as a gift. I never had any experience with OS X at the time. At first I would occasionally fire up the Mac to just learn OS X by playing with it. The more I learned OS X the more frequently I used the Mac. Once I was comfortable with OS X I came to personally prefer it over Windows. Both OS's are fine with each having strengths and weaknesses but I found that for my specific likes and uses in using a personal desktop computer that I really preferred OS X overall.

In the context of this thread and this forum I have to say one thing that I like about OS X is that security issues or minimal in comparison to Windows both in terms of threats and what is needed to protect it from threats.

For my Windows I spend most of my time on it updating it constantly with MS updates for the OS and MS Office, as well as updates and/or scans by MSE, Malwarebytes, SuperAntiSpyware, and Spyeware Blaster. I say without any sarcasm that one doesn't realize just how much time and effort is spent in just doing that, (I keep everything in Windows all ways updated/patched, etc), until you switch to using OS X. I'm not exaggerating.

With OS X updates are rare. Even though threats are lower or less for OS X than Windows, I nevertheless use a firewall and good OS X AV/Malware protection with Avast specific for OS X that provides real time protection and scan options and other options are excellent.

Technical term

Fondles??? Email goes through the TSA? I know other three-letter agencies get a copy.

This is correct. The use of the 'cid:' URL scheme for Content-ID is described in RFC2392.

(Rest here is an amplification of points already made, not specifically in response to you).

The fact that it showed up in the user-visible presentation of the mail message just says that some piece of mail software goofed along the way. Nothing to be alarmed at, and no need to suspect foul play. Plenty of email software fondles the message on its way; it's a miracle it works as well as it does

Time Warner Cable (different entity from Time Warner) doesn't "use" RR email servers. It OWNS RR mail servers. The name has not changed because that would be a logistical nightmare. Road Runner name for TWC internet has changed (due to copy-write and royalty charges for Road Runner logo) to the pathetically unimaginative TW Internet Services but the email servers and addresses will likely never change.

As far as I know, these "CID:" thingies are identifiers so as to allow links to attachments in the same mail. In this case, the attachment is most likely the image that was forwarded. It is common to use the domain name (such as "@socal.rr.com") as part of the identifying name.

Actually, 'socal.rr.com' is a localized domain for Time Warner Internet Services; specifically for Los Angeles, California. As '@socal.rr.com', it forms part of the email address. As 'pop-server.socal.rr.com' it is the incoming email server. As 'smtp-server.socal.rr.com' it is the message submission server. As 'hrndva-smtpin01.mail.rr.com', and
'hrndva-smtpin02.mail.rr.com', it comprises two MX servers.

sivran got it in one.

Dumb question, what mail client(s) were in use on either end of the connection? You work enough in the Corporate
world when x% uses Outlook / Exchange, Y% uses Lotus Notes, Z% uses something else, you get alot of fun reading
email trails with the above scattered all over the place when some mail server can't handle the extensions properly.

Regards

I believe through some investigating by me I have answered my own question.

When I sent the email with the picture and then received the "reply to" back with the new "red flag" entry I was accessing the Internet through a Time Warner ISP.

Time Warner uses Road Runner mail servers. The socal.rr.com is Road Runner email server.

I simply saw the new and unusual entry referenced in my in fixated my eyes on the part that read socal.rr.com and thought immediately, damn, a fracking "Russian domain." My professional experiences with the "Russians" combined with the "freak" appearance of the entry sent me off the wrong track.

Plus the fact that the wrong track was a suspected Java exploit. Certain really bad bugs that can be very damaging like to use Java and Java has we know carries a lot of potential security baggage.

You're seeing a bit of the guts of the email, nothing to be concerned about. Somewhere along the way, someone had a client that didn't understand (or couldn't find) the pasted picture.

Honestly, that would be the first thing to check out, just to make sure.

It is probable but unknown.

The image came from my friend's business site. She accesses and uploads or alters her site via her home computer. The site has its own domain name.

The site has been in existence since at least 2008 when I first encountered it. I would speculate from circumstantial evidence that it has been up way before that though.

Is that image hosted on another server, and is just linked?

Follow along step by step. It's important to do so.

1. I have a Mac with OS X 10.6.7. I was looking at a friend's business web site. Both my friend and her business are drop dead honest. She runs Windows on her personal computer that she also uses to connect to her domain site or host.

2. I copied a picture from her web site using my Mac. I used the latest version of Chrome to view her site. The were no problems copying the picture off of her site to my computer.

3. I then emailed another friend with the picture I copied as an attachment to the email. So far at that point nothing unusual has appeared or popped up.

4. The person that I emailed replied back using her Windows machine. She used her email client's "reply" function. Therefore a copy of my email text and the picture were in her reply below her message.

THE POTENTIAL PROBLEM and WARNING FLAG:

In the reply email to me on the picture in question there was a new addition. Immediately above the border of the picture were now the following:

[cid:AEFFA5E2-3144-480E-B8B9-60B6B6CDF0A1@socal.rr.com]

I am worried that someone has a problem with an exploit or virus or hack via Java. But I'm not an expert.

What's the deal and who has the problem and what do you think their problem or danger if any might be?