Return Path Problem. Urgent.

  1. #1
    Junior Member
    Join Date
    Dec 2003
    Posts
    15

    Return Path Problem. Urgent.

    Hi--a friend of mine thinks that his computer e-mails are being hacked into by virtue of the fact that the person doing the hacking always seems to know what his e-mails say.

    Today, I sent him an e-mail from my home, and for the first time ever there was a return path. Not only that, but it seems suspicious. Can you please tell me what some of these terms mean--like "Albatross Mail", and if it seems that his mail is being routed to someone else who is reading it.

    He is on earthlink. I'm on aol.

    Please help.

    Here is the path:

    Return-Path:
    Received: from rly-yb04.mx.aol.com (rly-yb04.mail.aol.com [172.18.146.4]) by air-yb04.mail.aol.com (v97.10) with ESMTP id MAILINYB44-19a3fd7aab7353; Wed, 10 Dec 2003 18:23:03 -0500
    Received: from albatross.mail.pas.earthlink.net (albatross.mail.pas.earthlink.net [207.217.120.120]) by rly-yb04.mx.aol.com (v97.10) with ESMTP id MAILRELAYINYB410-19a3fd7aab7353; Wed, 10 Dec 2003 18:22:31 -0500
    Received: from user-12hdpl0.cable.mindspring.com ([69.22.230.160])
    by albatross.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
    id 1AUDf1-0007PW-00
    for EVAINK@aol.com; Wed, 10 Dec 2003 15:22:30 -0800
    User-Agent: Microsoft-Outlook-Express-Macintosh-Edition/5.02.2022
    Date: Wed, 10 Dec 2003 19:22:26 -0400
    Subject: Re: No Subject
    From: Red Suydam
    To:
    Message-ID:
    In-Reply-To: <153.27fd9168.2d08cd32@aol.com>
    Mime-version: 1.0
    Content-type: multipart/alternative;
    boundary="MS_Mac_OE_3153928946_1118240_MIME_Part"
    X-AOL-IP: 207.217.120.120
    X-AOL-SCOLL-SCORE: 0:XXX:XX
    X-AOL-SCOLL-URL_COUNT: 0

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    There's nothing unusual about the "albatross" mail. It's the name of the SMTP server run by Earthlink (which merged with Mindspring in 1999/2000). Has your friend looked for things like:

    - spyware
    - access times (when email was last accessed)
    - keystroke loggers

    Is the "attacker" someone at his house or is this a remote unknown person?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Banned
    Join Date
    Nov 2003
    Posts
    182
    Tell him to change his password. The account may have been hijacked. Also, the message headers don't mean a whole lot, since we don't know which are yours, his, and possibly a third party's. However I can tell you that Earthlink bought Mindspring some time ago, but left the servers online for existing Mindspring customers.

    That's why it appears to have a third party intercept.

    -sbg

  4. #4
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    742
    Another question is, is he always accessing this email from the same computer or from different locations? You say he is on earthlink, I would think it might be a good time for him to CHANGE his password. It is good practice to change your passwords often. Sounds kinda to me like he may be using something obvious so tell him to change it and use varying characters/numbers and letters. Definitely follow MsMittens' other suggestions, check for spyware, viruses, keyloggers and the sort.

    edit: sbg just seems to type faster than me
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click here

  5. #5
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    This is a header for a message sent from him to you it appears. Not a message from you to him. And all messages have the return path and things like that in their header... you just normally don't see it.

    What does this say? Well... It was sent from his Macintosh using outlook express at 3.22pm (in his timezone) via a cable modem. The first machine to see it was a mindspring (earthlink) machine, who sent it on to another earthlink machine who then sent it to an aol machine which sent it to the aol machine that stores your email. Doesn't look like any intercept in there as that is the shortest possible path.
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman
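
The hop-by-hop reading in post #5 can be reproduced mechanically. The script below is an added example, not part of the original thread: it parses the three Received lines posted in #1, orders them oldest-first, and checks that each relay was handed the message by the host that accepted it on the previous hop. The function names and the two-label operator grouping are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received lines as posted in #1, folded per RFC 5322 (tabs added here).
RAW = """\
Received: from rly-yb04.mx.aol.com (rly-yb04.mail.aol.com [172.18.146.4]) by air-yb04.mail.aol.com (v97.10) with ESMTP id MAILINYB44-19a3fd7aab7353; Wed, 10 Dec 2003 18:23:03 -0500
Received: from albatross.mail.pas.earthlink.net (albatross.mail.pas.earthlink.net [207.217.120.120]) by rly-yb04.mx.aol.com (v97.10) with ESMTP id MAILRELAYINYB410-19a3fd7aab7353; Wed, 10 Dec 2003 18:22:31 -0500
Received: from user-12hdpl0.cable.mindspring.com ([69.22.230.160])
\tby albatross.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
\tid 1AUDf1-0007PW-00
\tfor EVAINK@aol.com; Wed, 10 Dec 2003 15:22:30 -0800
"""

HOP_RE = re.compile(r"^from (\S+) .*?\[([0-9.]+)\].*? by (\S+)")

def org(host):
    # Naive operator label: last two DNS labels (not Public Suffix List aware).
    return ".".join(host.split(".")[-2:])

def trace(raw):
    """Return relay hops oldest-first with per-hop delay and chain checks."""
    hops = []
    received = message_from_string(raw).get_all("Received", [])
    for value in reversed(received):      # newest Received header is on top
        prev = hops[-1] if hops else None
        flat = " ".join(value.split())    # undo header folding
        m = HOP_RE.match(flat)
        if not m:
            raise ValueError(f"unparsed Received header: {flat!r}")
        when = parsedate_to_datetime(flat.rpartition(";")[2].strip())
        hops.append({
            "from": m.group(1), "ip": m.group(2), "by": m.group(3), "time": when,
            "private_ip": ipaddress.ip_address(m.group(2)).is_private,
            # A hop should be handed over by the host that accepted the previous one.
            "linked": prev is None or prev["by"] == m.group(1),
            "delay_s": None if prev is None else (when - prev["time"]).total_seconds(),
        })
    return hops

def operators(hops):
    """Distinct operator domains in the order the message crossed them."""
    names = [org(h) for hop in hops for h in (hop["from"], hop["by"])]
    return list(dict.fromkeys(names))

if __name__ == "__main__":
    for h in trace(RAW):
        print(h["from"], "->", h["by"], h["delay_s"], h["linked"], h["private_ip"])
```

A hop with `linked` false, or an operator domain that belongs to neither the sender's nor the recipient's provider, is what would merit a closer look; Received lines below the first trusted relay can be forged by the sender, so only the recipient-side hops are authoritative.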
