|
|
|
|
| Author |
|
|
1.367m later
Join Date: Feb 2002
Location: small farm town Iowa..........at last
Posts: 6,357
|
Decipher this code
I received an email supposedly from USPS. It didn't look right so I right clicked the "FROM" in the header which gave me a variety of options. I chose "show complete header". This is what I get. Looks very suspicious to me.
From Standard Shipping Sun Apr 6 11:59:40 2014 X-Apparently-To: via 98.138.90.142; Sun, 06 Apr 2014 18:59:48 +0000 Return-Path: Received-SPF: permerror (encountered permanent error during SPF processing of domain of migdal.com.mx) ZG50IG1ha2UgdGhlIGRlbGl2ZXJ5IG9mIHBhcmNlbCB0byB5b3 UgYXQgMzF0 aCBNYXJjaC4gUHJpbnQgbGFiZWwgYW5kIHNob3cgaXQgaW4gdG hlIG5lYXJl c3QgcG9zdCBvZmZpY2UuIFByaW50IGEgU2hpcHBpbmcgTGFiZW wgTk9XIFVT UFMgfCBDb3B5cmlnaHQgMjAxNCBVU1BTLiBBbGwgUmlnaHRzIF Jlc2VydmVk LiABMAEBAQEDdGV4dC9wbGFpbgMDMAIDdGV4dC9odG1sAwMz X-YMailISG: vQWzs3MWLDsuNpCZZVMBowoS9lqAhN13raWjZ286lDom27mc iyghSSG64rZdJkTWOyXleyJR2s8oy9OcuDORci86rSz.vtpoDY k7LBIcigaz VokxkV.AqsG.GvxPFDG5AFgzjvgavwbGxgqupk5aB46f2ux5HT QjfrkskG1L CRYX_RSsYMnlaofHch7ysy2XI260F4BexgQ8_bQuuKOYk7GYrC i5_XXu0Vvs P9HL1MnElTIHjamUhlkLXo8yL5dvXlvLdSucmN9Fzck04RyMc_ e.8_mFCBMx rqmS_0TQKCUqmxIEGaX_zibo9nrYdZq14EYRMHa9x7zoQR77A8 NSfiTkU5zu eLUceYVxZcjfDI6aCmvp1Syua0ZMuAkaml7lPSu4D8lEWdGJNg euwiTIPDf9 DX.AHTEShbWCYCf3I_Mz_POBsx3B9_pttQbMkOUSwc3_8UXV0M OFm3T2kzRh QS2pP31IsyWhaXftLqWhrtf2agPwF7snORCuznLDOKjKIytqne 7qcXrYv2FU XusrWPRhvW.u_vE1u92IRd5Xf9scF8tprR2vbpa0yqoL.cpxtp 0CtuM1.zfb i4GISWPVSilpPDyLhRtt7YiUus5yBqaXgkrm0Nia8iF8CVr5Uu ormu6DY6wT N0jOaS1S0EeoJxL9fTAkS0m8e5spEJfi4kpQVx3aE2yNpdhjX5 rWC93J5kPt 1zQ9K1jqLTfKNTTJ0GPf7UCT85AFlmzyWFp4GI4UslfnMlzvrz 6TSPidWKJp NRSJHTNIhci4C5yjgVnXnMn1mpHgajzOueSVXO4XtkApOYnvXL Nd5YDAPLXS jgQ2LzbW.qZBdOetShUZIrSot_60lHzXIEXmADd78r_UC07nU1 o49D717Aa1 UNOWaRu_sn0Mg0nVsuIUuPE5ChCT_yV2dQK.IRFslVmZSSvWt5 W.hC1nolXP B6ewppbH3uprlrG8pu0bB3kYvcrQDpAkQZZa0uABJ6RbVyjlj2 kWSvRB6EK0 wbGXzw61Pzj5yjjehd54ljRdVrF1pyuyS1gL3jdfnmGzM6Mxiv o_gfQaSO6K jWvPYrfELTidTlVeHcs7noEThYGSM5G_zym.GGLBtP3Z.xLWJx ZgJy_f.IKL mhsQBaB.7IRw3KVBUsW2KAtFjtJ7rLktyFcg1lJiCdeeQYdd7N _Jt5rhxDh_ J2o5_jGzWXVV0NkKm1CPGzZrCki0tm1CQyO343tqkDuN.1WcYt yGE66HWRr9 wcWDq9ZD8V0FXkuq9rRDNFpNPudENYl6C4hJJT5iJm0LkYV6Ae dCh1dIok3G _UtQJgjMSw-- X-Originating-IP: [207.46.163.203] Authentication-Results: mta1020.biz.mail.bf1.yahoo.com from=migdal.com.mx; domainkeys=neutral (no sig); from=migdal.com.mx; dkim=neutral (no sig) Received: from 127.0.0.1 (EHLO na01-bl2-obe.outbound.protection.outlook.com) (207.46.163.203) by mta1020.biz.mail.bf1.yahoo.com with SMTPS; Sun, 06 Apr 2014 18:59:48 +0000 Received: from BY2PRD0610HT003.namprd06.prod.outlook.com (157.56.236.117) by DM2PR03MB352.namprd03.prod.outlook.com (10.141.54.24) with Microsoft SMTP Server (TLS) id 15.0.913.9; Sun, 6 Apr 2014 18:59:40 +0000 Content-Type: multipart/alternative; boundary="===============7963665269992628516==" MIME-Version: 1.0 Subject: Ship Notification From: Standard Shipping To: <> Message-ID: <84b9b4e0-05bf-47ce-98a6-97e02cd46122@DM2PR03MB352.namprd03.prod.outlook.co m> Return-Path: recepcionxalostoc@migdal.com.mx Date: Sun, 6 Apr 2014 18:59:40 +0000 X-Originating-IP: [157.56.236.117] X-ClientProxiedBy: CH1PR03CA007.namprd03.prod.outlook.com (10.255.156.152) To DM2PR03MB352.namprd03.prod.outlook.com (10.141.54.24) X-Forefront-PRVS: 0173C6D4D5 X-Forefront-Antispam-Report: =?us-ascii?Q?SFV:NSPM;SFS  10009001)(428001)(199002)(18 9002)(77096001)(76?==?us-ascii?Q?176001)(31696002)(85852003)(15188155005)(9 8676001)(56816005)?= =?us-ascii?Q?(83072002)(85306002)(90146001)(46102001)(9 9396002)(54356001)?= =?us-ascii?Q?(54316002)(42186004)(95416001)(33646001)(9 5666003)(74502001)?= =?us-ascii?Q?(47736001)(49866001)(47446002)(94946001)(7 4482001)(83322001)?= =?us-ascii?Q?(4396001)(92566001)(50986001)(19580395003) (84326002)(9431600?= =?us-ascii?Q?2)(74662001)(31966008)(93136001)(76796001) (53806001)(1520234?= =?us-ascii?Q?5003)(56776001)(81816001)(87976001)(692260 01)(66066001)(2077?= =?us-ascii?Q?6003)(80022001)(79102001)(81542001)(748760 01)(63696002)(1597?= =?us-ascii?Q?5445006)(74706001)(80976001)(97336001)(816 86001)(97186001)(7?= =?us-ascii?Q?6786001)(51856001)(76482001)(47976001)(813 42001)(221733001)(?= =?us-ascii?Q?93516002)(87266001)(65816001)(76576001)(86 362001)(77982001)(?= =?us-ascii?Q?59766001)(71186001)(74366001)(74316001)(92 726001)(1679995500?= =?us-ascii?Q?2)(512954002)(42262001)(24616003)(89386001 )(19623215001);DIR?= =?us-ascii?Q?:OUT;SFP:1101;SCL:1;SRVR  M2PR03MB352;H:BY 2PRD0610HT003.namp?==?us-ascii?Q?rd06.prod.outlook.com;FPR:3848E51D.9B9D9D0 B.B6E91C5.58E97977?= =?us-ascii?Q?.200AB;MLV:nov;PTR:InfoNoRecords;A:1;MX:1; LANG:en;?= Received-SPF: None (: migdal.com.mx does not designate permitted sender hosts) X-OriginatorOrg: migdal.com.mx Content-Length: 3074
__________________
non velox ad propitiare, verisimile non oblivisci If it's not The Original Automotive Innovations and Restoration, then it's just hot AIR. Last edited by KevinP73; 04-06-2014 at 08:02 PM.. |
||
04-06-2014, 11:14 AM
|
|
|
Registered
Join Date: May 2003
Location: Stumptown
Posts: 502
|
I would be suspicious also, no reason I could think if that a USPS mail would originate from a Mexican domain.
|
||
|
04-06-2014, 11:47 AM
|
|
|
Registered
Join Date: Jul 2001
Location: Lawrenceville GA 30045
Posts: 7,377
|
Those shipment notifications are one of the more popular recent spams/phishing emails.
__________________
Mark '83 SC Targa - since 5/5/2001 '06 911 S Aerokit - from 5/2/2016 to 11/14/2018 '11 911 S w/PDK - from 7/2/2021 to ??? |
||
|
04-06-2014, 01:50 PM
|
|
|
Registered
Join Date: Oct 2007
Location: North Carolina
Posts: 1,025
|
Unless USPS is outsourcing their work to Mexico it's not legit.
The "code" in that block is a digital signature, not inherently suspicious. The sending host is migdal.com.mx, info here.
__________________
1980 911SC |
||
|
04-06-2014, 02:51 PM
|
|
|
Registered
Join Date: Oct 2007
Location: North Carolina
Posts: 1,025
|
Also, you should remove your email address from your post -- might get spammed.
__________________
1980 911SC |
||
|
04-06-2014, 03:20 PM
|
|
|
The Unsettler
Join Date: Dec 2002
Location: Lantanna TX
Posts: 23,885
|
Most shipment notices are spam.
If they have an attached zip, generally referred to as the docs they need you to review, that is a virus. Needless to say, don't open it.
__________________
"I want my two dollars" "Goodbye and thanks for the fish" "Proud Member and Supporter of the YWL" "Brandon Won" |
||
|
04-06-2014, 03:46 PM
|
|
|
|
Registered
Join Date: Jun 2000
Location: bottom left corner of the world
Posts: 22,729
|
Quote:
|
||
|
04-06-2014, 04:19 PM
|
|
|
1.367m later
Join Date: Feb 2002
Location: small farm town Iowa..........at last
Posts: 6,357
|
Quote:
__________________
non velox ad propitiare, verisimile non oblivisci If it's not The Original Automotive Innovations and Restoration, then it's just hot AIR. |
||
|
04-06-2014, 08:03 PM
|
|
