[kwlug-disc] Email received with no email address in the to: line

Khalid Baheyeldin kb at 2bits.com
Mon Apr 10 17:29:00 EDT 2017


Agree that managing your email infrastructure is a very daunting task.

But back to the email message:

Here are the headers, the best I could decipher them:

===
Delivered-To: REDACTED at gmail.com
Received: by 10.182.177.4 with SMTP id
cm4csp425740obc; Mon, 10 Apr 2017 07:46:07 -0700 (PDT)
X-Received: by 10.107.5.139 with SMTP id
133mr53006106iof.107.1491835567672; Mon, 10 Apr 2017 07:46:07 -0700 (PDT)
Return-Path: <powerschool at hccsc.k12.in.us>
Received: from astaro.hccsc.k12.in.us (mail.hccsc.k12.in.us.
[165.139.22.133]) by mx.google.com with ESMTPS id
b17si14505692iob.27.2017.04.10.07.46.07 for <REDACTED at gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 10
Apr 2017 07:46:07 -0700 (PDT)
Received-SPF: pass (google.com: domain of powerschool at hccsc.k12.in.us
designates 165.139.22.133 as permitted sender) client-ip=165.139.22.133;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
powerschool at hccsc.k12.in.us designates 165.139.22.133 as permitted sender)
smtp.mailfrom=powerschool at hccsc.k12.in.us
Received: from [172.28.2.9] (port=41438 helo=V1-EXCH-01.hccsc.k12.in.us) by
astaro.hccsc.k12.in.us with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim
4.82_1-5b7a7c0-XX) (envelope-from <powerschool at hccsc.k12.in.us>) id
1cxaZw-0000JA-2h for REDACTED at gmail.com; Mon, 10 Apr 2017 10:46:04 -0400
Received: from 172.28.2.2 (172.28.2.2) by V1-EXCH-01.hccsc.k12.in.us
(172.28.2.9) with Microsoft SMTP Server id 14.3.319.2; Mon, 10 Apr 2017
10:46:03 -0400
Date: Mon, 10 Apr 2017 14:46:01 +0000
Subject: Your PowerSchool Parent account information has changed.
From: <powerschool at hccsc.k12.in.us>
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Message-ID: <9f22a1e8-a73e-44a6-9b78-cc932ed4ab75 at V1-EXCH-01.hccsc.k12.in.us>
To: Undisclosed recipients:;
Return-Path: powerschool at hccsc.k12.in.us

You have received this notification because the following information for
your PowerSchool Parent account has changed:
Student: Jason Blake was removed
The change was made on 04/10/2017 at 10:45 AM.
If the changes described above are accurate, no further action is needed.
If anything does not look right, contact your school directly.
===
Ancient or not, it may be a one or two letter typo that made it end up in
your inbox.

There is this in the headers:

From: <powerschool at hccsc.k12.in.us>

And it is in the return path as well.

So perhaps try emailing that from the ancient address, and ask for
investigation/removal.

All this does not have any sign of spam so far.

On Mon, Apr 10, 2017 at 5:04 PM, Chamunks <chamunks at gmail.com> wrote:

> The email they contacted is ancient, from 2005 Gmail private beta. It gets
> copious amounts of spam.  I just don't see any real website affiliated with
> PowerSchool or anything like that contained in the email.
>
> Yeah the header was a terrible mess. I should have tried to clean it up a
> bit aside from just redacting my email from it.
>
> I just wish that people would read about all the reasons not to run your
> own email server before they started.  It's upsetting how complex it is.
> This is why I jumped on https://Poste.io
>
> On Mon, Apr 10, 2017, 4:57 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
>
>> I went cross-eyed trying to read the headers (Google changed the
>> 'Original' from plain text in the past to HTML now, and hence the headers
>> are not separated by new lines).
>>
>> The fact that the To: header does not have an email address may not be an
>> issue at all.
>>
>> See this for example:
>>
>> https://sites.google.com/a/stcharlessd.org/technology-for-you/stuff-of-interest/googlemail-sendingemailtoundisclosedrecipients
>>
>> It could very well be a genuine message, but perhaps there is a
>> mis-spelling on the email address by one or two characters which happens to
>> be your email address.
>>
>> Try to contact them and ask if this is the case.
>>
>> On Mon, Apr 10, 2017 at 4:44 PM, Chamunks <chamunks at gmail.com> wrote:
>>
>> I tried finding something like that but couldn't remember what to look
>> for.   Found it and I'm including a sanitized paste of the original email
>> content. Although it doesn't look like this is my fault it looks like it's
>> on Google. I just don't want to be leaking spam.
>>
>> Delivered-To: REDACTED at gmail.com Received: by 10.182.177.4 with SMTP id
>> cm4csp425740obc; Mon, 10 Apr 2017 07:46:07 -0700 (PDT) X-Received: by
>> 10.107.5.139 with SMTP id 133mr53006106iof.107.1491835567672; Mon, 10
>> Apr 2017 07:46:07 -0700 (PDT) Return-Path: <powerschool at hccsc.k12.in.us>
>> Received: from astaro.hccsc.k12.in.us (mail.hccsc.k12.in.us.
>> [165.139.22.133]) by mx.google.com with ESMTPS id
>> b17si14505692iob.27.2017.04.10.07.46.07 for <REDACTED at gmail.com>
>> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon,
>> 10 Apr 2017 07:46:07 -0700 (PDT) Received-SPF: pass (google.com: domain
>> of powerschool at hccsc.k12.in.us designates 165.139.22.133 as permitted
>> sender) client-ip=165.139.22.133; Authentication-Results: mx.google.com;
>> spf=pass (google.com: domain of powerschool at hccsc.k12.in.us designates
>> 165.139.22.133 as permitted sender) smtp.mailfrom=powerschool@
>> hccsc.k12.in.us Received: from [172.28.2.9] (port=41438 helo=
>> V1-EXCH-01.hccsc.k12.in.us) by astaro.hccsc.k12.in.us with esmtps
>> (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.82_1-5b7a7c0-XX) (envelope-from <
>> powerschool at hccsc.k12.in.us>) id 1cxaZw-0000JA-2h for REDACTED at gmail.com;
>> Mon, 10 Apr 2017 10:46:04 -0400 Received: from 172.28.2.2 (172.28.2.2) by
>> V1-EXCH-01.hccsc.k12.in.us (172.28.2.9) with Microsoft SMTP Server id
>> 14.3.319.2; Mon, 10 Apr 2017 10:46:03 -0400 Date: Mon, 10 Apr 2017 14:46:01
>> +0000 Subject: Your PowerSchool Parent account information has changed.
>> From: <powerschool at hccsc.k12.in.us> Content-Type: text/plain;
>> charset="UTF-8" MIME-Version: 1.0 Message-ID: <9f22a1e8-a73e-44a6-9b78-
>> cc932ed4ab75 at V1-EXCH-01.hccsc.k12.in.us> To: Undisclosed recipients:;
>> Return-Path: powerschool at hccsc.k12.in.us You have received this
>> notification because the following information for your PowerSchool Parent
>> account has changed: Student: Jason Blake was removed The change was made
>> on 04/10/2017 at 10:45 AM. If the changes described above are accurate, no
>> further action is needed. If anything does not look right, contact your
>> school directly.
>>
>> On Mon, Apr 10, 2017, 4:32 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
>>
>> Did you check the headers?
>>
>> It is under 'Show Original' from the drop down arrow on the right of the
>> message.
>>
>>
>> On Mon, Apr 10, 2017 at 4:26 PM, Chamunks <chamunks at gmail.com> wrote:
>>
>> Sorry about the double post... Touch screens are too sensitive and I hit
>> send while switching hands.
>>
>> Cont'd...  I'm guessing that someone's found a way to send strange emails
>> to all of my server's users or something.  There's really not much
>> information in the Gmail ui anymore.  They seem to be really trying to make
>> it tough for people who care about the details lately.  ( Like in chrome
>> you have to dig real deep into the inspector to read tls cert info.)
>>
>> On Mon, Apr 10, 2017, 4:22 PM Chamunks <chamunks at gmail.com> wrote:
>>
>> I'm wondering if anyone else has had this before. The only reason I
>> can think is that Gmail fetched an email from my new email server I set up
>> using https://poste.io which is a docker runnable complete email
>> solution with a proprietary panel on top of Foss software beneath it.
>>
>>
>> _______________________________________________
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>
>>
>>
>>
>> --
>> Khalid M. Baheyeldin
>> 2bits.com, Inc.
>> Fast Reliable Drupal
>> Drupal optimization, development, customization and consulting.
>> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
>> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
>> For every complex problem, there is an answer that is clear, simple, and
>> wrong." -- H.L. Mencken
>>
>


-- 
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken
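
The header checks discussed in this thread, as an added example that is not part of the original messages: a short Python triage of a pasted header block. The sample is constructed from a trimmed subset of the headers quoted above, left in the archive's "user at domain" form; the names deobfuscate and triage are hypothetical.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: trimmed subset of the headers quoted in this thread,
# one header per line, addresses still in the archive's "user at domain" form.
SAMPLE = """\
Delivered-To: REDACTED at gmail.com
Return-Path: <powerschool at hccsc.k12.in.us>
Received: from astaro.hccsc.k12.in.us (mail.hccsc.k12.in.us. [165.139.22.133])
 by mx.google.com with ESMTPS; Mon, 10 Apr 2017 07:46:07 -0700 (PDT)
Authentication-Results: mx.google.com; spf=pass
 smtp.mailfrom=powerschool at hccsc.k12.in.us
From: <powerschool at hccsc.k12.in.us>
To: Undisclosed recipients:;

body
"""

def deobfuscate(text):
    """Undo the list archive's 'user at domain' address masking."""
    return re.sub(r"(\S+) at (\S+\.\S+)", r"\1@\2", text)

def domain(header_value):
    """Lower-cased domain of the first address in a header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(deobfuscate(raw))
    delivered_to = parseaddr(msg.get("Delivered-To", ""))[1].lower()
    # "Undisclosed recipients:;" is an empty RFC 5322 group: no visible addresses.
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = [a.lower() for _, a in getaddresses(fields) if a]
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    from_dom, env_dom = domain(msg.get("From")), domain(msg.get("Return-Path"))
    return {
        # True when the mailbox was named only in the SMTP envelope (Bcc-style).
        "envelope_only_recipient": delivered_to not in visible,
        "visible_recipients": visible,
        # SPF covers the envelope sender (Return-Path) domain, not the From: line.
        "spf": spf.group(1) if spf else "none",
        "from_matches_envelope": bool(from_dom) and from_dom == env_dom,
        "hops": len(msg.get_all("Received", [])),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty To: group combined with spf=pass and a From: domain that matches the envelope sender is what a bulk notification sent via Bcc looks like, which fits the reading given in the thread.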