| 24 | |
| 25 | === No really, I think my account ''is'' hijacted === |
| 26 | |
| 27 | Of course, your account might really be hijacked... meaning that someone may have access to your username and password and is sending messages through our servers from you. |
| 28 | |
| 29 | The best way to find out is to examine the headers of the message. Each email is sent with extensive information about the various computers it passed through on it's way to you. Most email programs hide all but the basic headers. The steps to view the full headers are different for each email program. This [http://www.abika.com/Reports/Samples/emailheaderguide.htm web site] provide a comprehensive list of directions for many different programs. |
| 30 | |
| 31 | The key headers to watch for are the ones that start with Receive. From the bottom up, they report each mail server that message has passed through. Alghouth they can also be spoofed (so you should not believe them 100%), they typically can tell you where your message has been. |
| 32 | |
| 33 | The bottom most received headers on a message I just sent are: |
| 34 | |
| 35 | {{{ |
| 36 | |
| 37 | Received: from chavez.mayfirst.org ([127.0.0.1]) |
| 38 | by localhost (chavez.mayfirst.org [127.0.0.1]) (amavisd-new, port 10024) |
| 39 | with ESMTP id 4EtnYPmvbvgY for <jmcclelland@chavez.mayfirst.org>; |
| 40 | Mon, 5 Jul 2010 15:45:26 -0400 (EDT) |
| 41 | Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: |
| 42 | jmcclelland@chavez.mayfirst.org) with ESMTPSA id DB7F744113 |
| 43 | Received: by chicken.mayfirst.org (Postfix, from userid 1000) |
| 44 | id AA80F36F4E; Mon, 5 Jul 2010 15:44:23 -0400 (EDT) |
| 45 | }}} |
| 46 | |
| 47 | The bottom most one says "chicken.mayfirst.org" - that's my own computer. Next comes the anonymized line the strips your personal information about receiving the message on our servers. The third, top-most line, is chavez reporting that it has received the message. |
| 48 | |
| 49 | Typically, a spoofed email will show other servers prior to the chavez line, indicating that the message was sent by a server not under our control. |
| 50 | |
| 51 | If you have a spoofed email that has headers resembling the ones above please [/newticket open a ticket] with a copy of the headers so we can determine if your account is compromised. |
| 52 | |
| 53 | jamie |