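For the past few days, roughly one every day or two, I have been getting emails sent from my own mailbox.
Looking closer, I noticed that to the right of the sender it is also marked as via "trustedgig.net" or "zygostatical.com".
Does this mean my account has been hacked?
I'll go find an image host and post a screenshot shortly.
Here's the image.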
1
tinytub OP I looked into it some more... could this be the legendary forged sender...
|
2
shiji 2016-03-28 11:28:55 +08:00
@tinytub I received one in Gmail a few days ago too; it showed as sent from my mailbox to an unfamiliar QQ mailbox.
It's just a forged sender, but it seems to be constructed in a rather special way, and Gmail didn't block it. Hard to imagine: SPF had already failed, and it was Gmail's own domain, yet Google just let it through. (my-email replaces my address)

Delivered-To: [email protected]
Received: by 10.107.17.148 with SMTP id 20csp212219ior;
        Wed, 23 Mar 2016 13:09:45 -0700 (PDT)
X-Received: by 10.98.12.8 with SMTP id u8mr6957417pfi.36.1458763785000;
        Wed, 23 Mar 2016 13:09:45 -0700 (PDT)
Return-Path: <[email protected]>
Received: from o2.email.thecampaigngroup.us (o2.email.thecampaigngroup.us. [50.31.40.174])
        by mx.google.com with ESMTPS id sk6si6417210pab.138.2016.03.23.13.09.44
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 23 Mar 2016 13:09:44 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 50.31.40.174 as permitted sender) client-ip=50.31.40.174;
Authentication-Results: mx.google.com;
        dkim=pass [email protected];
        dkim=pass [email protected];
        spf=softfail (google.com: domain of transitioning [email protected] does not designate 50.31.40.174 as permitted sender) [email protected];
        dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=email.speakcreative.com;
        h=mime-version:from:to:subject:content-type; s=smtpapi;
        bh=z/5L23sL7pUaJKlQ1WG11oNcYxg=; b=EkoMYFf38/tXk9ZERpcTvpnK12iEM
        j6mmv9YsJitUTzCHW3zmHjq2LPFh4M08ki++DIuYo9uUX0bGaIcJDXj3PnSvpbCa
        lYJDKDx5AVFwz2aLPAsO+G2lTTRLwx+XUodod3hQ3cIfuDeTFdUg3wNca9tuSJg5
        kIYgRul2zq8plA=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sendgrid.info;
        h=mime-version:from:to:subject:content-type:x-feedback-id;
        s=smtpapi; bh=z/5L23sL7pUaJKlQ1WG11oNcYxg=; b=NDCY1F/zjp46HbopbT
        ZCywWqSpqIYn8bFOZKRXWLt8sb6X+jeF9o0OmSr6Wn4gbkS6C8p0/wTqi1RboV/1
        fXWAUyQVhrtIsvmcqyMqiER0T+O7xeYj9lewKZYovG6+5KBaf1hejmRRnLjwW1oc
        89ERZhA4d2fOLWtRpwRR6ybd8=
Received: by filter0202p1las1.sendgrid.net with SMTP id filter0202p1las1.1085.56F2F80634
        2016-03-23 20:09:42.399974044 +0000 UTC
Received: from 689835-web1 (unknown [104.130.151.53])
        by ismtpd0008p1las1.sendgrid.net (SG) with ESMTP id O2tErYSNR52WS_MKTxc65w
        Wed, 23 Mar 2016 20:09:42.702 +0000 (UTC)
MIME-Version: 1.0
From: [email protected]
To: [email protected]
Date: 23 Mar 2016 15:09:42 -0500
Subject: Take a look at this product!
Message-ID: <[email protected]>
Content-type: multipart/alternative; boundary="----------=_1458763782-12657-739"
X-SG-EID: fL13WeLYEFVuuhzdB70o+aMdsukxmjYDsEyA1I7Olj5+g5+w/62nD50bwSvWuITrtS3HlPYFxtIwGY
        ZAs7Uyf1VMztlyD8n0Aa99wUJVHBYfb1CaCzx59jf6jUd+TMQWPgiwjck96DrHOL33CLD/bqtS73jM
        aDP0UKG1EuTSaxdfDfMpaKjTIi6sgboHnGID
X-Feedback-ID: 144955:ho2M5bVLhY9tp+jt9EgROzbTH+tO8ZD0fRL9/S64Cfo=:ho2M5bVLhY9tp+jt9EgROzbTH+tO8ZD0fRL9/S64Cfo=:SG

This is a multi-part message in MIME format...
(a bunch of base64)

Subject: Take a look at this product!
Text content: MG video games, sign up and get an 18 bonus. MG video games, sign up and get an 18 bonus. Login channel: [some website] -yushezhuo
|
3
jadecoder 2016-03-28 11:34:33 +08:00
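That's a bit odd. Even for mail from other providers, there is DMARC nowadays to prevent sender forgery; I don't think Gmail could have its own sender address forged.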
|
4
tinytub OP Do I need to look up any other information from the emails I received to determine whether this is a forged sender?
|
5
xiaoz 2016-03-28 12:12:51 +08:00 via iPhone
We've been getting quite a few reports from customers recently too. Do SPF records seem to not be working so well anymore?
|
6
shippo7 2016-03-28 12:47:11 +08:00
It's just a forged sender, nothing to worry about.
|
7
msg7086 2016-03-28 13:14:52 +08:00
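It's just a forged sender.
As for why it was let through: sometimes mail is legitimately sent on someone's behalf. For example, if you register on some social networking site with your own Gmail account, that site may send email in your name (to others or to yourself). There are legitimate uses for this, so it is not banned by default. But if it is frequently used to send junk mail on someone's behalf, it will end up getting banned quickly. |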
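An added example, not part of any post in this thread: a small Python reader for the Authentication-Results header quoted in reply 2, showing why the message was delivered even though DMARC failed. The sample header is constructed from that reply with placeholder addresses where the page shows them redacted, and the function names (`parse_authres`, `aligned`, `explain`) are hypothetical.

```python
import re

# Constructed sample modelled on the Authentication-Results header in reply 2.
# Addresses the page shows redacted are replaced with placeholders (assumptions).
SAMPLE = (
    "mx.google.com; dkim=pass header.i=@email.speakcreative.com; "
    "dkim=pass header.i=@sendgrid.info; "
    "spf=softfail (google.com: domain of transitioning user@gmail.com does not "
    "designate 50.31.40.174 as permitted sender) smtp.mailfrom=user@gmail.com; "
    "dmarc=fail (p=NONE dis=NONE) header.from=gmail.com"
)

def parse_authres(value):
    """Return [(method, result, comment, props)] from an Authentication-Results value."""
    out = []
    for part in value.split(";")[1:]:  # part 0 is the authserv-id (mx.google.com)
        m = re.match(r"\s*(\w+)=(\w+)\s*(?:\(([^)]*)\))?\s*(.*)", part, re.S)
        if m:
            props = dict(p.split("=", 1) for p in m.group(4).split() if "=" in p)
            out.append((m.group(1), m.group(2), m.group(3) or "", props))
    return out

def aligned(domain, from_domain):
    """Simplified relaxed alignment: same domain or a subdomain of it (no PSL lookup)."""
    domain, from_domain = domain.lower(), from_domain.lower()
    return domain == from_domain or domain.endswith("." + from_domain)

def explain(value):
    """Summarise why a message with this header was or was not acted on."""
    res = parse_authres(value)
    verdict, comment, props = next((r, c, p) for m, r, c, p in res if m == "dmarc")
    from_dom = props["header.from"]
    policy = re.search(r"\bp=(\w+)", comment).group(1).lower()
    passes = []
    for method, result, _, p in res:
        ident = p.get("header.i") or p.get("smtp.mailfrom") or ""
        dom = ident.rsplit("@", 1)[-1]
        if method in ("dkim", "spf") and result == "pass" and aligned(dom, from_dom):
            passes.append((method, dom))
    return {"from": from_dom, "dmarc": verdict, "policy": policy,
            "aligned_passes": passes,
            # the receiver is only asked to act when the From domain publishes
            # quarantine or reject; p=none means "report only"
            "enforced": verdict == "fail" and policy in ("quarantine", "reject")}

if __name__ == "__main__":
    print(explain(SAMPLE))
```

Both DKIM signatures pass, but for the sending service's domains rather than the From domain, so neither counts toward DMARC; with `p=NONE` the failure is recorded and no action is requested.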