General discussion

Thanks, Mods..

Since you've decided to filter my legitimate ModAlerts instead of acting on them, I now get spammed not only by your auto-replies but by stuff like this:

****@hotmail.com
My name is ****** ,i saw your profile today
and became intrested in you,i will also like to know you the more,and i want you to send an email to my email address so i can give you my picture for you to know whom i am. (charitywilton86@hotmail.com) i believe we can move from here.I am waiting for your mail to my email address above.Miss Charity Remeber the distance or colour does not matter but love matters alot in life.
Yours Love
Miss ******

And of course you have blocked my ability to Alert it.
So now I can be stalked both ON the forum and OFF of it. Good job!

Discussion is locked

Follow
Reply to: Thanks, Mods..
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Thanks, Mods..
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Could you PM me the header info?

I'm interested in finding out what happened. CNET does not disclose your email address to standard members unless you send a PM to that member, so I'm wondering if that email did come through the PM system, but it glitched and omitted the "from a CNET member" notification.

Thanks!
John

- Collapse -
Well...

Unfortunately gmail doesn't give you much to work with, just

from jenesgodwin@yahoo.com
to my.address@gmail.com
date Thu, Oct 28, 2010 at 5:34 AM
subject Hi There

It's not like a desktop client Sad

- Collapse -
Hmm, digging further....

Viewing my email via IMAP I see the following:

---------------------------Begin Header-------------------------------
Delivered-To: myemail@gmail.com
Received: by 10.204.81.29 with SMTP id v29cs398145bkk;
Thu, 28 Oct 2010 10:56:53 -0700 (PDT)
Received: by 10.204.59.69 with SMTP id k5mr4568925bkh.195.1287424612493;
Thu, 28 Oct 2010 10:56:52 -0700 (PDT)
DomainKey-Status: bad
Received-SPF: pass (google.com: best guess record for domain of n2.bullet.re4.yahoo.com designates 206.190.56.37 as permitted sender) client-ip=206.190.56.37;
Message-ID: <4cbc8a62.0b1abc0a.5d20.289bMFETCHER_ADDED@google.com>
Received: by 10.188.26.11 with POP3 id 11mf870198bwz.71;
Thu, 28 Oct 2010 10:56:50 -0700 (PDT)
X-Gmail-Fetch-Info: myemail 9 pop.att.yahoo.com 110 myemail
X-Apparently-To: myemail via 68.180.196.170; Thu, 28 Oct 2010 10:00:20 -0700
X-YMailISG: ECo93zAWLDspjQRD7xZL5kCWT.OVh1dqLbEAg6ES8CDZszRY
n2qpx8LVzgHnrJ83EgMm0jhKiY7KFQja7F5RVKPvg_FHZtpJXfFDB5M43v9P
gdXM5LWe63678Ehg9b52JRNBc.yVCQb2uXL.HA9xfmVP9Qx6T0xDP0jHzs33
ZOThUY3Wl1azoKavFjQpxHIAC4ik.pz84dfvI5pEIi8rgCYYvQul__1Ut2c-
X-Originating-IP: [206.190.56.37]
Authentication-Results: mta1067.sbc.mail.sp1.yahoo.com from=cc.yahoo-inc.com; domainkeys=pass (ok); from=cc.yahoo-inc.com; dkim=pass (ok)
Received: from 204.127.217.73 (EHLO fgateway03.isp.att.net) (204.127.217.73)
by mta1067.sbc.mail.sp1.yahoo.com with SMTP; Thu, 28 Oct 2010 10:00:20 -0700
Authentication-Results: isp.att.net;
domainkey=pass (no signature error) header.From=yahoo-account-services-us@cc.yahoo-inc.com
Received: from n2.bullet.re4.yahoo.com ([206.190.56.37])
by isp.att.net (frfwmxc03) with SMTP
id <20101018170020M03006pq36e>; Thu, 28 Oct 2010 17:00:20 +0000
X-Originating-IP: [206.190.56.37]
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cc.yahoo-inc.com; s=fz10; t=1287421219; bh=E54+NYj9FCFrSzH4MODH9+dlIwwv6ud7EFnFXqN6IRs=; h=Received:Received:Date:Received:To:From:Reply-To:Errors-To:Subject:X-Yahoo-Newman-Property:X-Yahoo-Newman-Id:MIME-Version:Content-Type; b=nN4DIA8/xJpOz1yifDhufwyMLaYMKfpxMzgEIXi2M4qFkAD4sE9P5BWQCVi3pHDv4UhiNtaTjP4MNAX3ATKQmbWEGiWr/3pnBjyhyVRqDDcWKt8M/967nxQy/+uFZ3l/dGPN8cHeieQ/kl8on7rBcuKordSVtJ6Ffvj6UM6yQEY=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=fz10; d=cc.yahoo-inc.com;
b=mRpMlhCwG7zgxwkhkr2qRSerHNgpbM1aeucCmBgOmXYyfRMsibk2roQbPq8Wvcs7eZPO8i3Uu/qSw0p+vlpOkrNkpZAdYJtAuNcfkw8m+vwqOSJz0IVPrQ5GzPwMTSAh5kK3KI1w+NhEQ5zK63cOYNs+/5hQiiLCVhdqKBK5Boo=;
Received: from [68.142.230.29] by n2.bullet.re4.yahoo.com with NNFMP; 28 Oct 2010 17:00:19 -0000
Received: from [69.147.111.134] by t2.bullet.re2.yahoo.com with NNFMP; 28 Oct 2010 17:00:19 -0000
Date: 28 Oct 2010 10:00:19 -0700
Received: from [127.0.0.1] by r13.member.re3.yahoo.com with NNFMP; 28 Oct 2010 17:00:19 -0000
---------------------------End Header----------------------------------


Seeing a few non-routable 10.n.n.n addresses and a loopback address of 127.0.0.1 leads me to believe at least part of the header has been spoofed by the sender.

- Collapse -
Looks like that was sent to a Yahoo account...

The headers indicate that the email was delivered to a Yahoo account, but then fetched by Gmail via POP3. If that's the case, try checking the headers directly from the Yahoo account the email was originally sent to, as they would not have been overwritten by Google.

John


P.S. You can view the full headers in Gmail without using a desktop client; just click the downward-pointing arrow on the far right, top corner of the email and select "Show original." That will display the full email in text form, with the full headers above the content.

- Collapse -
Could be but....

I don't have a yahoo account. It could have been sent to an address that someone setup to autoforward to make it look like that. The fact that it originated from a 10 dot address tells me it came from someone running their own mail server.

- Collapse -
The reserved IP addresses are actually normal...

It's normal to find local/unroutable IP addresses within email headers since mail servers often bounce an email around internally before passing it on to the recipient. Thus, I wouldn't say it's spoofed based on that alone; in many cases, I'd actually say the opposite is true.

In Gmail, go Settings->Accounts and see if anything is registered under Get mail from other accounts. One line that catches my attention is X-Gmail-Fetch-Info: myemail 9 pop.att.yahoo.com 110 myemail. That indicates Google fetched the email from an AT&T-branded Yahoo account, and since you edited out the actual email address with 'myemail,' I wonder if the email wasn't sent to an old account you had and was still fetched by Google based on previous settings.

John

- Collapse -
Now that you mention it...

I notice that it was sent to my bellsouth.net address, now an AT&T address hosted by yahoo, which is an address I don't think is on file with CNet anymore. It was my original registration address when Speakeasy was at Ziff Davis. I changed my email at CNet to my Gmail address years ago though.

The other thing that is odd is that all of my mail fetched by Gmail from Bellsouth is automatically labeled by a filter I have setup that lets me know that it came to my old address and this mail didn't get labeled by that filter so it looks like it was sent to my Gmail address even though it wasn't.

- Collapse -
Clay, can you tell me what subject line was used for that...

email?

Did the email not include this at the bottom of the email content?

--------------------------------------------------
Note: This e-mail was sent from your CNET profile, by member adosa.

Clay, I'm also curious, do you use Gmail? If so, Gmail hides details of the email when you are reading the email and you have to click "show details" to display the information about the email like "from" "to" "date" "Subject". So you may have missed the subject line when you copied and pasted the email here.

Anyways please check... I'm very curious as to why everyone here got the same message from this CNET member spammer through the email member feature and not you.

Thanks!
-Lee

- Collapse -
Just 'Hi There'

I posted that somewhere above in the thread. It does not look like the other emails I get from CNet. Jonah sent me one via that feature regarding this thread and it was marked as such.

- Collapse -
Maybe inside job (least likely IMO)

More likely there's another common link we don't see.
Not good, in any event.
Still nothing for me, not even in my hotmail junk box.
Perhaps it's just one thread that was tapped.

- Collapse -
I got spammers too...

Actually, it was sent to me multiple times, so I guess I'm special that way. I am rarely involved in SE or other threads Ed, Bill, et al reply to, so it may have been a lookup of users with the most posts or the earliest join date. Regardless, she likes me best; she sent me several! Wink

John

- Collapse -
I'm hurt

I didn't get anySad I think I will file a discrimination suit!!! LOL

- Collapse -
Out of curiosity ...

The PM I received came directly to my email address As I understand it CNET sends the message without giving the recipient's address to the sender. It does, however, give the sender's email address to the recipient.

How can you tell that it was sent through a mechanism other than the CNET PM system?

- Collapse -
check out the source?
- Collapse -
I've sent you an email

Bill.

I've sent you an email through your profile. Can you tell it was sent to you through, or via, CNET?

Can you send me one as well using my profile so I can check as well? I prefer you used my other profile here;
http://www.cnet.com/profile/MarkFlax/

The one I am using is a temp one since the forum change over corrupted my other one, and this temp is using a Yahoo email address that I rarely check, except to delete emails.

Mark

- Collapse -
Addendum

Addendum.

I've just realised I could send myself one, but no matter, it's still a good test.

Mark

- Collapse -
The ones sent through CNET say...

Note: This e-mail was sent from your CNET profile, by member adosa.

Right?

- Collapse -
As I understand it Yes.

I haven't received a PM through my profile recently, so I can't be sure, but I believe that the ones I receive tells the CNET member's user name.

Mark

- Collapse -
Proving it was from PM system might be hard, but ...

As you have probably discovered already, the message itself does at least SAY that it is from the PM system:

Bill.

Test email through your profile, as per your post in SE here;
http://forums.cnet.com/7726-6130_102-5015997.html

Is there 'any' clue it comes through or via CNET?

Mark Flaxman, (MarkFlax or MDFlax at the moment).

--------------------------------------------------
Note: This e-mail was sent from your CNET profile, by member MDFlax.


However, PROVING the message came through the PM involves forensic work beyond my skill set.
The From and Reply-To headers list a non-cnet address. There was a header listed that I'm not familiar with (x-ymailisg) but I THINK it is connected to Yahoo, which was one of the ISPs is the Received headers.
So, since the cnet system spoofs the From header, I guess the only way to verify it came from CNET is from the Received and Message-ID headers. My understanding is that they are easily spoofed but I would not know how to detect that.
Your email included a header that began: Received: from 127.0.0.1 (EHLO alias3.c17-ave-mta-out1.cnet.com) (216.239.114.24) and also another Received header that included a cnet reference and the message ID also included a cnet reference.

- Collapse -
I tend to agree

I received your test email and replied with the View Source details.

I have to admit, it's not conclusively shown that it was sent via CNET.

Mark

- Collapse -
Only because...

Emails I receive from the CNet PM system have a subject line that says something like, "Message from CNet member" and this one didn't say that.

- Collapse -
Send yourself an email

Send yourself an email through your profile, and see how it compares.

I can see no method of any spammer finding members' email addresses other than sending a PM through the profile page.

If some method has been found, this is a serious breach of privacy and needs to be reported.

Mark

- Collapse -
I'm jealous. Nothing from Miss "Charity"

for me (does she give it away?), and Prom time is coming up!

BTW, Ed ... I'm not shy about talking about my Fanatic Religion, I'm elderly and cranky, I'm frank with the Mods, but I've never had your problems with Beloved Speakeasy. (And you're not the only one, even if you do cry wolf!)

Message in there somewhere?

- Collapse -
FYI

#And of course you have blocked my ability to Alert it.So now I can be stalked both ON the forum and OFF of it.#

your RoP ability has in no way been prohibited, and, IMO,
spam can hardly be considered stalking

,.

- Collapse -
... unless there's more to the Ed-

Charity thing than he's letting on ...

Happy

- Collapse -
they do say

Charity begins in the home

Happy

,.

- Collapse -
(NT) Good one!
- Collapse -
Subthread deleted...

I have deleted a subthread that was in a fast downward spiral of name-calling and insults. I know I'm the outsider in this forum and don't want to just jump into the ongoing issues, but this thread is about a spammer and possible PM issues, not who thinks which body part another member resembles. Please keep this thread on topic so we can get to the bottom of these issues without interference.

Thanks!
John

- Collapse -
There's an ROP bug...

ROP emails are not being delivered to random moderators/administrators due to a glitch in the ROP system. It's something we've been aware of, but there's no pattern to the bounce-backs and, thus far, no fix available. It only affects a couple recipients at a time, so we are still able to act on ROPs, but we're hoping this is resolved very soon.

John


P.S. Please be careful about posting full emails with email addresses included; the spammers are relentless.

- Collapse -
Thank you John

Delete my post now

CNET Forums

Forum Info