[kwlug-disc] Email received with no email address in the to: line

Chamunks chamunks at gmail.com
Mon Apr 10 17:04:33 EDT 2017 

The email they contacted is ancient, from 2005 Gmail private beta. It gets
copious amounts of spam.  I just don't see any real website affiliated with
PowerSchool or anything like that contained in the email.

Yeah the header was a terrible mess. I should have tried to clean it up a
bit aside from just redacting my email from it.

I just wish that people would read about all the reasons not to run your
own email server before they started.  It's upsetting how complex it is.
This is why i jumped on https://Poste.io

On Mon, Apr 10, 2017, 4:57 PM Khalid Baheyeldin <kb at 2bits.com> wrote:

> I went cross-eyed trying to read the headers (Google changed the
> 'Original' from plain text in the past to HTML now, and hence the headers
> are not separated by new lines).
>
> The fact that the To: header does not have an email address may not be an
> issue at all.
>
> See this for example:
>
>
> https://sites.google.com/a/stcharlessd.org/technology-for-you/stuff-of-interest/googlemail-sendingemailtoundisclosedrecipients
>
> It could very well be a genuine message, but perhaps there is a
> mis-spelling on the email address by one or to characters which happens to
> be your email address.
>
> Try to contact them and ask if this is the case.
>
> On Mon, Apr 10, 2017 at 4:44 PM, Chamunks <chamunks at gmail.com> wrote:
>
> I tried finding something like that but couldn't remember what to look
> for.   Found it and I'm including a sanitized paste of the original email
> content. Although it doesn't look like this is my fault it looks like it's
> on Google. I just don't want to be leaking spam.
>
> Delivered-To: REDACTED at gmail.com Received: by 10.182.177.4 with SMTP id
> cm4csp425740obc; Mon, 10 Apr 2017 07:46:07 -0700 (PDT) X-Received: by
> 10.107.5.139 with SMTP id 133mr53006106iof.107.1491835567672; Mon, 10 Apr
> 2017 07:46:07 -0700 (PDT) Return-Path: <powerschool at hccsc.k12.in.us>
> Received: from astaro.hccsc.k12.in.us (mail.hccsc.k12.in.us.
> [165.139.22.133]) by mx.google.com with ESMTPS id
> b17si14505692iob.27.2017.04.10.07.46.07 for <REDACTED at gmail.com>
> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 10
> Apr 2017 07:46:07 -0700 (PDT) Received-SPF: pass (google.com: domain of
> powerschool at hccsc.k12.in.us designates 165.139.22.133 as permitted
> sender) client-ip=165.139.22.133; Authentication-Results: mx.google.com;
> spf=pass (google.com: domain of powerschool at hccsc.k12.in.us designates
> 165.139.22.133 as permitted sender) smtp.mailfrom=
> powerschool at hccsc.k12.in.us Received: from [172.28.2.9] (port=41438 helo=
> V1-EXCH-01.hccsc.k12.in.us) by astaro.hccsc.k12.in.us with esmtps
> (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.82_1-5b7a7c0-XX) (envelope-from <
> powerschool at hccsc.k12.in.us>) id 1cxaZw-0000JA-2h for REDACTED at gmail.com;
> Mon, 10 Apr 2017 10:46:04 -0400 Received: from 172.28.2.2 (172.28.2.2) by
> V1-EXCH-01.hccsc.k12.in.us (172.28.2.9) with Microsoft SMTP Server id
> 14.3.319.2; Mon, 10 Apr 2017 10:46:03 -0400 Date: Mon, 10 Apr 2017 14:46:01
> +0000 Subject: Your PowerSchool Parent account information has changed.
> From: <powerschool at hccsc.k12.in.us> Content-Type: text/plain;
> charset="UTF-8" MIME-Version: 1.0 Message-ID: <
> 9f22a1e8-a73e-44a6-9b78-cc932ed4ab75 at V1-EXCH-01.hccsc.k12.in.us> To:
> Undisclosed recipients:; Return-Path: powerschool at hccsc.k12.in.us You
> have received this notification because the following information for your
> PowerSchool Parent account has changed: Student: Jason Blake was removed
> The change was made on 04/10/2017 at 10:45 AM. If the changes described
> above are accurate, no further action is needed. If anything does not look
> right, contact your school directly.
>
> On Mon, Apr 10, 2017, 4:32 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
>
> Did you check the headers?
>
> It is under 'Show Original' from the drop down arrow on the right of the
> message.
>
>
> On Mon, Apr 10, 2017 at 4:26 PM, Chamunks <chamunks at gmail.com> wrote:
>
> Sorry about the double post... Touch screens are too sensitive and I hit
> send while switching hands.
>
> Cont'd...  I'm guessing that someone's found a way to send strange emails
> to all of my servers users or something.  There's really not much
> information in the Gmail ui anymore.  They seem to be really trying to make
> it tough for people who care about the details lately.  ( Like in chrome
> you have to dig real deep into the inspector to read tls cert info.)
>
> On Mon, Apr 10, 2017, 4:22 PM Chamunks <chamunks at gmail.com> wrote:
>
> I'm wondering and if anyone else has had this before. The only reason I
> can think is that Gmail fetched an email from my new email server I setup
> using https://poste.io which is a docker runnable complete email solution
> with a proprietary panel on top of Foss software beneath it.
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
>
>
> --
> Khalid M. Baheyeldin
> 2bits.com, Inc.
> Fast Reliable Drupal
> Drupal optimization, development, customization and consulting.
> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
> For every complex problem, there is an answer that is clear, simple, and
> wrong." -- H.L. Mencken
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
>
>
> --
> Khalid M. Baheyeldin
> 2bits.com, Inc.
> Fast Reliable Drupal
> Drupal optimization, development, customization and consulting.
> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
> For every complex problem, there is an answer that is clear, simple, and
> wrong." -- H.L. Mencken
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20170410/297295aa/attachment.htm>

More information about the kwlug-disc mailing list