t_broon

Email hacked ?

Hi,

Tried to send email last night from my email account and it failed to send saying the email contained SPAM. Couldn't see anything which might have triggered this. Tried sending myself 2 x test messages – one with no content in the body and one that just said HIYA. Both sent but went into my SPAM folder when received. I clicked the THIS ISN'T SPAM option and it moved them to my inbox. I sent another TEST and again it went into my SPAM folder.

I looked at the Source information and it has some odd info as set out below:

I have deleted some of the code as I wasn't sure if it was secure to leave it all in but there were some references I didn't understand and an IP in Holland which when you check it says it might be an IP registered to Ziggo ?

I have changed my Virgin passwords and ran Bitdefender and another antivirus program and both found nothing.

Have I been hacked and how do I sort it please ?

Thanks in advance.

 

Return-Path: <t_ >
Delivered-To: t_
Received: from md1.tb.ukmail.iss.local ([212.54.57.70])
    by mc24.tb.ukmail.iss.local with LMTP id M V45l69OAAAsNwiEA
    for <t_ >; Sun, 14 Jun 2020 21:18:45 +0200
Received: from smtpclienthelo ([212.54.57.70])
    by md1.tb.ukmail.iss.local with LMTP
    id cEliERV
    (envelope-from <t_ >)
    for <t_ >; Sun, 14 Jun 2020 21:18:45 +0200
Authentication-Results: ukmail.iss.as9143.net;
    spf=pass (212.54.57.97;ntlworld.com);
    dkim=pass header.d=ntlworld.com;
    dmarc=pass header.from=ntlworld.com (p=quarantine sp=quarantine dis=pass);
Precedence: junk
X-Env-Mailfrom: t_
X-Env-Rcptto: t_
X-SourceIP: 212.54.57.97
X-Spam: yes
X-CNFS-Analysis: v=2.3 cv=KP/

X-Spam-Action: folder Spam
X-Spam-Reason: CMAE_SCORE=96.00
Received: from smtpq2.tb.ukmail.iss.as9143.net ([212.54.57.97])
    by mx3.tb.ukmail.iss.as9143.net with ESMTP
    id kY9VjxOnM ; Sun, 14 Jun 2020 21:18:45 +0200
Received: from [212.54.57.81] (helo=smtp2.tb.ukmail.iss.as9143.net)
    by smtpq2.tb.ukmail.iss.as9143.net with esmtp (Exim 4.86_2)
    (envelope-from <t_ )
    id 1jkY9U-
Received: from oxbe18.tb.ukmail.iss.as9143.net ([172.25.160.149])
    by smtp2.tb.ukmail.iss.as9143.net with ESMTP

BillC45

Re: Email hacked ?

1. Like VirginMedia, Ziggo is part of the Liberty Global empire and handles some aspects of the overall VM email service.

2. VM’s provider of spam detection software is Cloudmark.

3. Every email passing through the analysis software is assigned a score in the range 0 to 100 where 100 means – certain to be spam. Your quoted example shows a high score of 96 (96% likely to be spam). CMAE is short for CloudMark Analysis Engine.

4. The turnover of changes to the CMAE software is practically non-stop and some false positives can creep in from time to time. These are usually corrected within a short elapsed time.

It might help to know -

a) which OS – Windows, MAC, other

b) which email client - Outlook etc

c) do you have a default signature to your emails and/or URL links to websites?

d) anything else out of the ordinary in your setup – VPNs etc?

e) have you checked if your IP address is on any blacklist? Use MxToolbox (Blacklists) to query that.
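
Added example (not part of the original thread, and not Virgin Media or Cloudmark code): a short Python triage of the kind of headers quoted in the first post, separating the sender-authentication results from the spam-filter score and listing the relay hops. The sample is an abridged copy of the posted headers with the redacted and deleted parts left out; the function name `triage` and the verdict wording are assumptions made for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: abridged from the headers quoted in the first post
# (redacted addresses and partially deleted id fields are omitted).
RAW = """\
Authentication-Results: ukmail.iss.as9143.net;
 spf=pass (212.54.57.97;ntlworld.com);
 dkim=pass header.d=ntlworld.com;
 dmarc=pass header.from=ntlworld.com (p=quarantine sp=quarantine dis=pass);
X-SourceIP: 212.54.57.97
X-Spam: yes
X-Spam-Action: folder Spam
X-Spam-Reason: CMAE_SCORE=96.00
Received: from smtpq2.tb.ukmail.iss.as9143.net ([212.54.57.97])
 by mx3.tb.ukmail.iss.as9143.net with ESMTP
Received: from [212.54.57.81] (helo=smtp2.tb.ukmail.iss.as9143.net)
 by smtpq2.tb.ukmail.iss.as9143.net with esmtp (Exim 4.86_2)
Received: from oxbe18.tb.ukmail.iss.as9143.net ([172.25.160.149])
 by smtp2.tb.ukmail.iss.as9143.net with ESMTP
"""

def triage(raw):
    msg = message_from_string(raw)
    # Unfold the multi-line header, then pick out the three mechanisms.
    auth = " ".join(msg.get("Authentication-Results", "").split())
    checks = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    m = re.search(r"CMAE_SCORE=([\d.]+)", msg.get("X-Spam-Reason", ""))
    score = float(m.group(1)) if m else None
    hops = []
    for rcvd in msg.get_all("Received", []):
        # First bracketed IPv4 literal is the host that handed the mail over.
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", rcvd)
        if ip:
            addr = ip_address(ip.group(1))
            hops.append((str(addr), "internal" if addr.is_private else "public"))
    auth_ok = bool(checks) and all(v == "pass" for v in checks.values())
    flagged = msg.get("X-Spam", "").strip().lower() == "yes"
    if flagged and auth_ok:
        verdict = "flagged by spam-filter score; sender authentication passed"
    elif flagged:
        verdict = "flagged; sender authentication failed or missing"
    else:
        verdict = "not flagged"
    return {"checks": checks, "cmae_score": score, "hops": hops, "verdict": verdict}

if __name__ == "__main__":
    print(triage(RAW))
```

Received headers are listed newest first, so the last hop in the result is where the message entered the mail system.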

t_broon

Re: Email hacked ?

Hi and thank you so much for such a comprehensive reply.

I access Virgin email through their web based service but have in the past used Outlook but not for ages.

I usually access it through Edge but have recently logged on through Chrome with Surfshark running as the VPN.

I don't use a signature or put links to websites and the email that first triggered the SPAM message was to a colleague's work email address. It didn't contain anything that I thought was an issue.

I have recently changed my settings on Surfshark and wonder if the software used to check for outgoing SPAM has noted changes to the IP addresses used as well as some content in the email. I will try the software you mentioned now and see if that throws anything up. All of the anti-virus and malware software I am running, carrying out deep 5/6 hour scans of every folder say my system is clean and free of any unwanted or dangerous software.

Many thanks for your help.

Thanks

Tony

Am I right in thinking 

t_broon

Re: Email hacked ?

Hi again, not sure if I am replying to correct post !

Just used mxtoolbox with Blacklist and everything with my VPN IP was green and ok. When I put in the Ziggo 212.54.57.97 IP address it brought up a few red warnings which might be the reason it was marked as SPAM and would let me send it.

If Ziggo and VM are linked it would appear that this blacklisting is not being caused by software on my pc ? Am I right to think this ? Should I advise VM or as you mentioned would they have realised this and sorted it out ? I have not dared logging onto my email in case it allowed someone control of it even though I changed passwords and everything recommended by VM. I have just sent myself an email and it has the same IP address as above but showed a PASS in the Source code for the message in relation to SPAM. Maybe it was just a blip ?

Once again Many thanks.

Tony

BillC45

Re: Email hacked ?

I don’t think your PC has been hacked.

I suspect that the recent change of VPN IP address has been on one or more blacklists for one or more short periods of time. It is frustratingly difficult to pin down some addresses which are on and off blacklists at very short intervals. The VPN owners are always very quick to request removal from such lists. Can you try sending emails (to self) without using the VPN and report what happens?

 

 
