On 20190713 16:29:20, home user via users wrote:
(Tony Nelson said)
 > [snip]
 >
 > Look at the message header. (View Source is a good way,
 > as it will be exact.) The first Received: line and any
 > lines before it come from your email provider, who is
 > mostly to be trusted, though anyone can make mistakes.
 > If that line says the "from" is reasonable,

I attached the full message with line numbers added to help discussion, and with private parts replaced with "[private]".  You are referring to line 31, not line 7, right?  I don't see anything there saying/implying the "from" is reasonable.

 > look at the lines up to and including the next
 > Received: line and loop, otherwise stop, it's spam.

You're referring to line 33, right?
I don't understand what you mean by "line and loop".

The main thing troubling me is that the message claims to come from a gmail address, but it's sent from Yahoo Mail.  How is that possible?

thanks,
Bill.

spoofheader.txt

      1 X-Apparently-To: [private]; Sat, 13 Jul 2019 21:33:09 +0000
      2 Return-Path: <[private]>
      3 Authentication-Results: mta4406.mail.ne1.yahoo.com;
      4  dkim=pass (ok) header.i=@gmail.com header.s=20161025;
      5  spf=pass smtp.mailfrom=@gmail.com;
      6  dmarc=pass(p=none sp=quarantine dis=none) header.from=gmail.com;
      7 Received-SPF: pass (domain of gmail.com designates 209.85.166.41 as permitted sender)
     30 X-Originating-IP: [209.85.166.41]
     31 Received: from 127.0.0.1  (EHLO mail-io1-f41.google.com) (209.85.166.41)
     32   by mta4406.mail.ne1.yahoo.com with SMTPS; Sat, 13 Jul 2019 21:33:09 +0000
     33 Received: by mail-io1-f41.google.com with SMTP id k8so27923627iot.1;
     34         Sat, 13 Jul 2019 14:33:09 -0700 (PDT)
     35 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
     36         d=gmail.com; s=20161025;
     37         h=date:from:reply-to:to:message-id:subject:mime-version:references;
     38         bh=MgkjHii2ksvTjACY0qnqI3YCoTu9q9HsYjhT+2mleGw=;
     45 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
     46         d=1e100.net; s=20161025;
     47         h=x-gm-message-state:date:from:reply-to:to:message-id:subject
     48          :mime-version:references;
     49         bh=MgkjHii2ksvTjACY0qnqI3YCoTu9q9HsYjhT+2mleGw=;
     59 X-Received: by 2002:a5d:9b1a:: with SMTP id y26mr17672471ion.238.1563053588544;
     60         Sat, 13 Jul 2019 14:33:08 -0700 (PDT)
     61 Return-Path: <[private]>
     62 Received: from sonic316-12.consmr.mail.bf2.yahoo.com (sonic316-12.consmr.mail.bf2.yahoo.com. [74.6.130.122])
     63         by smtp.gmail.com with ESMTPSA id z26sm13199729ioi.85.2019.07.13.14.33.07
     64         (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
     65         Sat, 13 Jul 2019 14:33:07 -0700 (PDT)
     84 Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.bf2.yahoo.com with HTTP; Sat, 13 Jul 2019 21:33:07 +0000
     85 Date: Sat, 13 Jul 2019 21:33:02 +0000 (UTC)
     86 From: "[private]" <[private]>
     87 Reply-To: "[private]" <[private]>
     88 To: [private] <[private]>, [private] <[private]>
     89 Message-ID: <1006046679.433253.1563053582...@mail.yahoo.com>
     90 Subject: [private]
     91 MIME-Version: 1.0
     92 Content-Type: multipart/alternative;
     93         boundary="----=_Part_433252_1220207963.1563053582396"
     94 References: <1006046679.433253.1563053582396....@mail.yahoo.com>
     95 X-Mailer: WebService/1.1.13991 YahooMailAndroidMobile YMobile/1.0 (com.yahoo.mobile.client.android.mail/5.40.2; Android/8.0.0; R16NW; j7topltetmo; samsung; SM-J737T; 5.46; 1280x720;)
     96 Content-Length: 948
     97 
     98 ------=_Part_433252_1220207963.1563053582396
     99 Content-Type: text/plain; charset=UTF-8
    100 Content-Transfer-Encoding: quoted-printable
    101 
    102 [private]
    103 [private]
    104 
    105 Sent from Yahoo Mail on Android
    106 ------=_Part_433252_1220207963.1563053582396
    107 Content-Type: text/html; charset=UTF-8
    108 Content-Transfer-Encoding: 7bit
    109 
    110 [private]<br><br><div id="ymail_android_signature"><a id="ymail_android_signature_link" href="https://go.onelink.me/107872968?pid=InProduct&amp;c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&amp;af_wl=ym&amp;af_sub1=Internal&amp;af_sub2=Global_YGrowth&amp;af_sub3=EmailSignature";>Sent from Yahoo Mail on Android</a></div>
    111 ------=_Part_433252_1220207963.1563053582396--

At a quick glance the email itself probably flowed from a yahoo sender to your gmail account. This portion of the bottom of the message bothers me:
href="https://go.onelink.me....

You erased one of the more important clues for legitimacy. Do the "Reply-To:" and "From:" headers make sense when considered together?

I note that "anyone" (or any sufficiently clever robot) can create a yahoo account and send at least a few emails. So if the email was unexpected and/or from somebody you do not know it is right to question it. Does the "From:" make sense considering the contents? There is no way I can tell. You even blanked the subject. If it was a "your bank account has been compromised" email sent through Yahoo, why are you asking here about legitimacy of such a monstrosity? And if there is ANY question about the email and it is asking you to forward money "to your boss vacationing in Mexico" faghedaboudit. Use some thinking. And if you must worry about this send email back, gritting your teeth over the spamload this will unleash to a known "good" address, and ask for some information only you and your boss know. Establish identity beyond question before sacrificing money.

It's not paranoia when "they" really are out to get you but it's not personal, they will take any sucker they can get. It's prudence that says email is not to be trusted beyond the value you stand to lose by trusting it.

{^_^}   Joanne
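
The top-down walk over the Received lines that the quoted advice describes, applied to the attachment's own Received and Authentication-Results headers, as an added example that is not part of the original thread. The function names, the last-two-labels organisation comparison and the RFC 3848 ESMTPA/ESMTPSA check are assumptions of this example; only the topmost lines are written by the recipient's provider, so the older hops are checked for plausibility, not proven.

```python
import re
from email import message_from_string
# Received / Authentication-Results lines as they appear in the attachment above.
RAW = """\
Authentication-Results: mta4406.mail.ne1.yahoo.com;
 dkim=pass (ok) header.i=@gmail.com header.s=20161025;
 spf=pass smtp.mailfrom=@gmail.com;
 dmarc=pass(p=none sp=quarantine dis=none) header.from=gmail.com;
Received: from 127.0.0.1  (EHLO mail-io1-f41.google.com) (209.85.166.41)
  by mta4406.mail.ne1.yahoo.com with SMTPS; Sat, 13 Jul 2019 21:33:09 +0000
Received: by mail-io1-f41.google.com with SMTP id k8so27923627iot.1;
        Sat, 13 Jul 2019 14:33:09 -0700 (PDT)
Received: from sonic316-12.consmr.mail.bf2.yahoo.com (sonic316-12.consmr.mail.bf2.yahoo.com. [74.6.130.122])
        by smtp.gmail.com with ESMTPSA id z26sm13199729ioi.85.2019.07.13.14.33.07
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sat, 13 Jul 2019 14:33:07 -0700 (PDT)
Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.bf2.yahoo.com with HTTP; Sat, 13 Jul 2019 21:33:07 +0000
"""

def _tok(name, text):
    m = re.search(rf"\b{name} ([^\s;]+)", text)
    return m.group(1) if m else None

def received_hops(raw):
    """Received hops, newest first; the top one is written by the recipient's provider."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())                 # unfold continuation lines
        helo = re.search(r"\(EHLO ([^\s)]+)\)", flat)  # Yahoo records the peer name here
        peer = helo.group(1) if helo else _tok("from", flat)
        hops.append({"from": peer, "by": _tok("by", flat), "with": _tok("with", flat)})
    return hops

def auth_results(raw):  # verdicts from the topmost (provider-written) header only
    flat = " ".join((message_from_string(raw).get("Authentication-Results") or "").split())
    return dict(re.findall(r"\b(dkim|spf|dmarc)=(\w+)", flat))

def org(host):  # assumption: organisation = last two labels (adequate for these .com hosts)
    return ".".join(host.rstrip(".").split(".")[-2:])

def chain_plausible(hops):
    """Each hop's stated peer should share an organisation with the next older 'by' host."""
    return all(org(a["from"]) == org(b["by"]) for a, b in zip(hops, hops[1:]) if a["from"])

def authenticated_submission(hops):  # first hop accepted with SMTP AUTH (RFC 3848), else None
    return next((h for h in hops if h["with"] in ("ESMTPA", "ESMTPSA")), None)

if __name__ == "__main__":
    print(auth_results(RAW), chain_plausible(received_hops(RAW)), authenticated_submission(received_hops(RAW)))
```

On these headers the authenticated hop is `smtp.gmail.com` accepting the message from a Yahoo host, meaning a Yahoo Mail client logged in to Gmail's submission server, which is consistent with the gmail.com DKIM, SPF and DMARC passes.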