I have received a suspicious e-mail. I am not affiliated with the company mentioned in the e-mail body, or the signer. However, I have been using the app they mention in the e-mail. They are inviting me to a Beta test. But the e-mail is not by the original author of the app. But I'm thinking they might have hired an external company to do this version of the app. There is a link to a TestFlight page. So I'm not sure what to make of this.
Now this is what mainly aroused my attention.
From: Anders Bergman <anders.bergman@bontouch.com>
To: Bon Support
Cc:
Subject: Test av nya BBK för Android
This is how it shows up in Outlook 2010. The "To" field is addressed to "Bon Support" and when I double-click on that I see support@bontouch.com. I can assure you that none of these are my e-mail addresses. So where the heck is my own e-mail address? How could I have received this if it was addressed to someone else? If not spammers and skimmers and other criminals, who else is using this practice and why? And how can I tell now to what e-mail account I received this? I have more than one account set up in Outlook.
Update
X-T2-Real-To: <my-email@tele2.se>
Return-Path: <anders.bergman@bontouch.com>
X-T2-Spam-Status: No, hits=-0.1 required=5.0 tests=BAYES_50,
    HTML_MESSAGE,RCVD_IN_DNSWL_LOW
Received: from <my-email-account-address-as-used-by-server@tele2.se>
    by mailbe03.swip.net (CommuniGate Pro RULE 5.4.4)
    with RULE id 171382165; Wed, 23 Oct 2013 10:30:14 +0200
X-Autogenerated: Mirror
Resent-From: <my-email-account-address-as-used-by-server@tele2.se>
Resent-Date: Wed, 23 Oct 2013 10:30:14 +0200
X-T2-Real-To: <my-email@tele2.se>
X-T2-Spam-Status: No, hits=-0.1 required=5.0 tests=BAYES_50,
    HTML_MESSAGE,RCVD_IN_DNSWL_LOW
Received: from mail-la0-f49.google.com ([209.85.215.49] verified)
    by mailfe07.swip.net (CommuniGate Pro SMTP 5.4.4)
    with ESMTPS id 446061965 for my-email@tele2.se; Wed, 23 Oct 2013 10:30:12 +0200
Received-SPF: none
    receiver=mailfe07.swip.net; client-ip=209.85.215.49; envelope-from=anders.bergman@bontouch.com
Received: by mail-la0-f49.google.com with SMTP id eh20so357260lab.8
    for <my-email@tele2.se>; Wed, 23 Oct 2013 01:30:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=1e100.net; s=20130820;
    h=x-gm-message-state:from:content-type:date:subject:to:message-id
    :mime-version;
    bh=JprkfYQhNUhcVFA7ZpzJa94c1OV0Fabysm64G9QOXlI=;
    b=XGMTt4NB4404RL0z5tKQNIYX8WJw6fr73dQNS3+wXxijyXWcXY0AVjQkKg6r9mY3uy
    RecuFcwuZo6UeXNr6fDqR3gVTsEfXKe8OxNQAZY5LJVCUKbX9LvxkBnFvcRt690fLe2l
    CRlJkfrGg/pxsX1dvoCbtGpR/zOZLkt+3Y1p6LyYuMZBtTMSKxyF0lNoML2JwnF0hf5w
    LayOFidlYtYhCwXo01tpg2MXxIAxrk3UH+IcVLDjr/M/+Cd+I0j3COeKTq3oL7e3p58s
    vuRUZrYdgsdOYxWwD8UmIrS40sTsSgV3hMm1jftCiQGqnTT6o3llYxCVjIE5Ki0HG/My
    RkfQ==
X-Gm-Message-State: ALoCoQkZJT/ZGaGrnfpKLyO8LRTO1EuDp39F4SZ9Gax9puG3RlHfTAe8cUIqZdvPSVOiiXJ0gS+l
X-Received: by 10.152.171.72 with SMTP id as8mr258717lac.33.1382517010017;
    Wed, 23 Oct 2013 01:30:10 -0700 (PDT)
X-Original-Return-Path: <anders.bergman@bontouch.com>
Received: from [10.0.1.144] (77.72.97.10.c.fiberdirekt.net. [77.72.97.10])
    by mx.google.com with ESMTPSA id mr1sm18536043lbc.16.2013.10.23.01.30.04
    for <multiple recipients>
    (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
    Wed, 23 Oct 2013 01:30:09 -0700 (PDT)
From: Anders Bergman <anders.bergman@bontouch.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_D829B436-0812-4CDC-BE9A-555257A9A44B"
Date: Wed, 23 Oct 2013 10:30:02 +0200
Subject: =?iso-8859-1?Q?Testa_av_nya_BBK_f=F6r_Android?=
To: Bon Support <support@bontouch.com>
Message-Id: <02BCA896-E025-4617-8993-BB21F007AF25@bontouch.com>
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
X-Mailer: Apple Mail (2.1508)
Now here are the interesting bits of information. The "real" To address:
X-T2-Real-To: <my-email@tele2.se>
The "return path" address:
Return-Path: <anders.bergman@bontouch.com>
It has been scanned for SPAM with SpamAssassin (Bayes 50 rule). "SpamAssassin includes a Bayesian filter that assigns scores based on the user's previous email history. Bayesian spam probability is 40 to 60%."
X-T2-Spam-Status: No, hits=-0.1 required=5.0 tests=BAYES_50
I can see it was sent to multiple recipients. I'd say this is indicative of a Bcc mail.
for <multiple recipients>
I also see he used Apple Mail 6.5 to send the e-mail.
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
X-Mailer: Apple Mail (2.1508)
So it looks like he's running OS X 10.8.x Mountain Lion. That's kind of cool to know.
He is in fact running Mac OS X, so I'd say it's a genuine e-mail, and not a spam. Yes, I know that by the fact that he is using a Mac! Apple users have a life, they don't do spam. ;)
Related: http://superuser.com/questions/207926/if-to-and-from-headers-are-the-spammers-email-address-how-did-i-get-this-e/ – aexl – 2016-12-26T09:54:10.457
1 If it was BCC'ed to you then you will not see your email address. Useful when BCC'ing to several people without leaking their email addresses to all recipients. – Hennes – 2013-10-25T21:52:41.107
1 Your e-mail was probably in the BCC (Blind Carbon Copy). This is usually done when sending to multiple recipients and the recipients must not see each other. In this kind of "mass"-mailing you always use your own e-mail in the from and to header and use all the recipients in the BCC. – Rik – 2013-10-25T21:53:52.193
@Hennes Okay. So is there a way to reveal the Bcc list? – Samir – 2013-10-25T22:18:22.763
@Rik I see that I can view the Bcc option when I create a new e-mail, by going to Options, and then Bcc in the "Show fields" section in Outlook 2010. But is there no way for me to reveal the Bcc list of a received e-mail? – Samir – 2013-10-25T22:19:59.990
1 Nope, you'll never be able to see all the recipients. That's the whole idea of BCC. It is possible to see that it is really intended for you by viewing the "Received"-header. In these your e-mail address should be visible (but your address only and never the others). – Rik – 2013-10-25T22:24:03.047
@Hennes The fact that it says X-Google-DKIM-Signature, does that mean he used Google Apps and Google Mail? – Samir – 2013-10-25T23:22:52.087
You're not the only one. here (English translation) – Rik – 2013-10-25T23:54:49.323
BTW X-Mailer are sent from the computer sending the mail. These are real easy to fake. So spammers use fake headers all the time. If you trust the sender the information is probably correct. If it is a spammer don't expect this information to be accurate. – Rik – 2013-10-26T00:02:41.697
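The check described in the thread above (the envelope recipient shows up in the "Received" header and in X-T2-Real-To even when To/Cc do not list it) can be automated. This is an added example, not part of the original posts; the sample message is constructed with placeholder addresses, and Delivered-To / X-Original-To are assumed equivalents of X-T2-Real-To at other providers.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the headers in the question (placeholder addresses).
RAW = """\
X-T2-Real-To: <me@example.net>
Return-Path: <sender@example.com>
Received: from mail.example.org ([192.0.2.10] verified)
\tby mx.example.net (CommuniGate Pro SMTP 5.4.4)
\twith ESMTPS id 1 for me@example.net; Wed, 23 Oct 2013 10:30:12 +0200
Received: from [10.0.1.144] (host.example.org. [192.0.2.20])
\tby mx.example.org with ESMTPSA id abc
\tfor <multiple recipients>;
\tWed, 23 Oct 2013 01:30:09 -0700 (PDT)
From: Sender <sender@example.com>
To: Support <support@example.com>
Subject: test

body
"""

# "for <addr>" / "for addr;" clause that a receiving MTA may write into Received.
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)
# Provider-added headers carrying the envelope recipient. X-T2-Real-To is the one
# in the question; the other two are common equivalents (assumption: yours may differ).
DELIVERY_HEADERS = ("X-T2-Real-To", "Delivered-To", "X-Original-To")

def envelope_recipients(msg):
    """Addresses the message was actually delivered to (SMTP RCPT TO)."""
    found = set()
    for value in msg.get_all("Received", []):
        found.update(a.lower() for a in FOR_CLAUSE.findall(value))
    for _, addr in getaddresses([v for h in DELIVERY_HEADERS for v in msg.get_all(h, [])]):
        if addr:
            found.add(addr.lower())
    return found

def analyse(raw):
    msg = message_from_string(raw)
    delivered = envelope_recipients(msg)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = {addr.lower() for _, addr in getaddresses(fields) if addr}
    return {
        "delivered_to": sorted(delivered),         # which of your accounts received it
        "visible": sorted(visible),                # what the mail client shows in To/Cc
        "bcc_style": sorted(delivered - visible),  # delivered to, but not listed
        "multi": any("multiple recipients" in v for v in msg.get_all("Received", [])),
    }

if __name__ == "__main__":
    print(analyse(RAW))
```

Only the "Received" lines and delivery headers written by your own provider's servers can be relied on; everything below them was supplied by the sending side.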