Bonjour à toutes et à tous,
Mon nom de domaine est : BOCART.BE
Et j'utilise l'offre : MXPLAN
Je rencontre la problématique suivante : je voudrais comprendre comment qqn peut m'envoyer des SPAMS depuis ma propre adresse personnelle et surtout éliminer cette possibilité … Voici un exemple. Merci d'avance pour les lumières !
Contenu complet d'un mail brut :
Received: from DAG7EX1.mxp5.local (172.16.2.61) by DAG7EX2.mxp5.local
(172.16.2.62) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.31 via Mailbox
Transport; Mon, 2 Oct 2023 06:06:58 +0200
Received: from DAG5EX2.mxp5.local (172.16.2.42) by DAG7EX1.mxp5.local
(172.16.2.61) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.31; Mon, 2 Oct
2023 06:06:57 +0200
Received: from output47.mail.ovh.net (164.132.34.47) by mxplan5.mail.ovh.net
(172.16.2.42) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.31 via Frontend
Transport; Mon, 2 Oct 2023 06:06:57 +0200
Received: from vr32.mail.ovh.net (unknown [10.101.8.32])
by out47.mail.ovh.net (Postfix) with ESMTP id 4RzS8153Y8zVqcWqb
for ; Mon, 2 Oct 2023 04:06:57 +0000 (UTC)
Received: from in45.mail.ovh.net (unknown [10.101.4.45])
by vr32.mail.ovh.net (Postfix) with ESMTP id 4RzS7v72kwz3XskDm
for ; Mon, 2 Oct 2023 04:06:51 +0000 (UTC)
Received-SPF: Pass (DAG7EX1.mxp5.local: domain of andre@bocart.be designates
164.132.34.47 as permitted sender) receiver=DAG7EX1.mxp5.local;
client-ip=164.132.34.47; helo=output47.mail.ovh.net;
Received-SPF: Softfail (mailfrom) identity=mailfrom; client-ip=171.252.154.43; helo=[171.252.154.43]; envelope-from=andre@bocart.be; receiver=andre@bocart.be
Authentication-Results: in45.mail.ovh.net; dkim=none; dkim-atps=neutral
Received: from [171.252.154.43] (unknown [171.252.154.43])
by in45.mail.ovh.net (Postfix) with SMTP id 4RzS7s4y7zz2P0826
for ; Mon, 2 Oct 2023 04:06:48 +0000 (UTC)
Received: from vtomiwb ([25.55.153.215]) by 96614.com with MailEnable ESMTP; Mon, 2 Oct 2023 11:06:51 +0700
Received: (qmail 19135 invoked by uid 191); 2 Oct 2023 11:06:49 +0700
From:
To:
Subject: [SPAM] I RECORDED YOU!
Date: Mon, 2 Oct 2023 11:06:51 +0700
Message-ID: <191351.191351@96614.com>
Content-Type: text/plain
X-OVH-Remote: 171.252.154.43 ([171.252.154.43])
X-Ovh-Tracer-Id: 4745386634797764816
X-VR-SPAMSTATE: SCAM
X-VR-SPAMSCORE: 615
X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedvkedrvdejgddtudcutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemucehtddtnecuogetfedtuddqtdduucdludehmdenogfuphgrmhgsohhtqdftgedvhedqvdeiqdhtvghrucdlfedttddmnegoufgtrghmqdeugedtkedqtdekqdeuvfevucdlfedttddmnecujfgurhephffvufffkfggtgesthdttddttddttdenucfhrhhomheprghnughrvgessghotggrrhhtrdgsvgenucggtffrrghtthgvrhhnpedtudfhlefgjeekleetvdffteegledtvedtjeetueehvefhgfdtfefhjeevudekfeenucffohhmrghinhepsghlohgtkhgthhgrihhnrdgtohhmnecukfhppedujedurddvhedvrdduheegrdegfedpvdehrdehhedrudehfedrvdduheenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpedujedurddvhedvrdduheegrdegfedpmhgrihhlfhhrohhmpeeorghnughrvgessghotggrrhhtrdgsvgeqpdhnsggprhgtphhtthhopedupdhrtghpthhtoheprghnughrvgessghotggrrhhtrdgsvgdpoffvtefjohhsthepvhhrfedvpdgukhhimhepnhhonhgvpdhgvghokffrpeggpfdprhgvvhfkrfepudejuddrvdehvddrudehgedrgeef
X-Ovh-Spam-Status: SPAM
X-Ovh-Spam-Reason: vr: SCAM; dkim: disabled; spf: disabled
X-Ovh-Message-Type: SCAM
X-Spam-Tag: YES
Return-Path: andre@bocart.be
X-MS-Exchange-Organization-Network-Message-Id: 065fd82a-bd8d-417c-e278-08dbc2fd0584
X-MS-Exchange-Organization-PRD: bocart.be
X-MS-Exchange-Organization-SenderIdResult: Pass
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-Ovh-Tracer-GUID: 2cd82be5-c0e2-4cbc-b38f-da459f570a80
X-MS-Exchange-Organization-AuthSource: DAG5EX2.mxp5.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.3309731
X-MS-Exchange-Processed-By-BccFoldering: 15.01.2507.031
MIME-Version: 1.0
Hello there!
Unfortunately, there are some bad news for you.
Some time ago your device was infected with my private trojan, R.A.T (Remote Administration Tool), if you want to find out more about it simply use Google.
My trojan allows me to access your accounts, your camera and microphone.
Check the sender of this email, I have sent it from your email account.
You truly enjoy checking out porn websites and watching dirty videos, while having a lot of kinky fun.
I RECORDED YOU (through your camera) SATISFYING YOURSELF!
If you still doubt my serious intentions, it only takes couple mouse clicks to share the video of you with your friends, relatives, all email contacts and on social networks.
All you need is $1800 USD in Bitcoin (BTC) transfer to my account (Bitcoin equivalent based on exchange rate during your transfer).
After the transaction is successful, I will proceed to delete everything without delay.
Afterwards, we can pretend that we have never met before.
In addition, I assure you that all the harmful software will be deleted from your device.
Be sure, I keep my promises!
If you are unaware how to buy and send Bitcoin (BTC) - Google: Where to buy Bitcoin (BTC), to send and receive Bitcoin (BTC), you can register your wallet for example here: www.blockchain.com
My Bitcoin (BTC) address is: 17uHKCWeRBuGEYw2ujLDZna3b7sfxwT2ij
Yes, that's how the address looks like, copy and paste my address, it's (cAsE-sEnSEtiVE).
You are given not more than 48 hours after you have opened this email (2 days to be precise).
As I got access to this email account, I will know if this email has already been read.
Everything will be carried out based on fairness!
An advice from me - regularly change all your passwords to your accounts and update your device with newest security patches.
Bonjour @AndreB9
C'est du pipo. Message à mettre à la poubelle.
Bonjour,
C'est bien une usurpation mais reconnu par le serveur et "tag" en conséquence.
Received-SPF: Softfail (mailfrom) identity=mailfrom; client-ip=171.252.154.43; helo=[171.252.154.43]; envelope-from=andre@bocart.be; receiver=andre@bocart.be
Chez OVH cela reste dans la boite de réception par défaut, mais chez d'autre fournisseur cela serait arrivé dans les spams, ou quarantaine voir pas du tout.
Cordialement, janus57
Ca continue de plus belle et la question de savoir comment corriger le problème reste sans réponse. J'imagine que par cette méthode qqn peut aussi envoyer des mails soi-disant provenant de mon adresse à n'importe qui, pas rien qu'à moi-même … Faut-il changer de provider ?
Merci d'avance pour les lumières.
Ca continue de plus belle
Mettez dans votre SPF: `-all` au lieu de `~all`
A votre niveau, vous ne pouvez rien faire de mieux.