Lee Bussy Posted January 18, 2016 Report Share Posted January 18, 2016 Emails from the forum are getting flagged as possible spoofs. It looks as if the mail host shows as cic03.aws.ipslink.com instead of from woodtalkonline.com. Here's a header: Delivered-To: xxxxx@bussy.org Received: by 10.112.101.7 with SMTP id fc7csp2019984lbb; Mon, 18 Jan 2016 09:08:43 -0800 (PST) X-Received: by 10.140.93.77 with SMTP id c71mr33474374qge.46.1453136922936; Mon, 18 Jan 2016 09:08:42 -0800 (PST) Return-Path: <woodtalk@cic03.aws.ipslink.com> Received: from cic03.aws.ipslink.com (ec2-52-70-228-38.compute-1.amazonaws.com. [52.70.228.38]) by mx.google.com with ESMTPS id a18si31806051qkb.114.2016.01.18.09.08.42 for <xxxxx@bussy.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 18 Jan 2016 09:08:42 -0800 (PST) Received-SPF: neutral (google.com: 52.70.228.38 is neither permitted nor denied by best guess record for domain of woodtalk@cic03.aws.ipslink.com) client-ip=52.70.228.38; Authentication-Results: mx.google.com; spf=neutral (google.com: 52.70.228.38 is neither permitted nor denied by best guess record for domain of woodtalk@cic03.aws.ipslink.com) smtp.mailfrom=woodtalk@cic03.aws.ipslink.com; dmarc=fail (p=NONE dis=NONE) header.from=gmail.com Received: from woodtalk by cic03.aws.ipslink.com with local (Exim 4.86) (envelope-from <woodtalk@cic03.aws.ipslink.com>) id 1aLDGC-0000tU-MW for xxxxx@bussy.org; Mon, 18 Jan 2016 17:06:32 +0000 To: xxxxx@bussy.org Subject: L'art do Menuisier X-PHP-Script: www.woodtalkonline.com/index.php for 75.159.132.152 MIME-Version: 1.0 Precedence: list Auto-Submitted: auto-generated Date: Mon, 18 Jan 2016 17:06:32 +0000 Content-Type: multipart/alternative; boundary="--==_mimepart_494d909f4c2e182722ccb7b984a0cdce"; charset=UTF-8 Content-Transfer-Encoding: 8bit From: =?UTF-8?B?V29vZCBUYWxrIE9ubGluZQ==?= <thewoodwhisperer@gmail.com> Message-Id: <E1aLDGC-0000tU-MW@cic03.aws.ipslink.com> X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - cic03.aws.ipslink.com X-AntiAbuse: Original Domain - bussy.org X-AntiAbuse: Originator/Caller UID/GID - [1037 992] / [47 12] X-AntiAbuse: Sender Address Domain - cic03.aws.ipslink.com X-Get-Message-Sender-Via: cic03.aws.ipslink.com: authenticated_id: woodtalk/only user confirmed/virtual account not confirmed X-Authenticated-Sender: cic03.aws.ipslink.com: woodtalk X-Source: /usr/bin/php X-Source-Args: /usr/bin/php /home/woodtalk/public_html/index.php X-Source-Dir: woodtalkonline.invisionconnect.com:/public_html Quote Link to comment Share on other sites More sharing options...
Lee Bussy Posted January 19, 2016 Author Report Share Posted January 19, 2016 Here's the flag I see in my email: I just received a PILE of email that should have been sent yesterday so it appears to me that something else is screwy on top of this. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.