I've recently received several emails sent from my own email address. Does that mean my Gmail account has been compromised? - V2EX
    tinytub 2016-03-28 10:49:52 +08:00 7575 views

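    For the past few days, roughly one every day or two, I've been getting emails sent from my own email address.
    Looking closer, I noticed that to the right of the sender there is also a label: via "trustedgig.net" or "zygostatical.com".
    Does this mean my account has been compromised?

    I'll go find an image host and upload screenshots shortly.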


    Here are the screenshots:

    http://i.imgur.com/1bBkHNv.png

    http://i.imgur.com/Qj1drkg.png

    7 replies    2016-03-28 13:14:52 +08:00

    #1 tinytub (OP) 2016-03-28 10:59:49 +08:00
    I looked into it some more... could this be the legendary forged sender...
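
    #2 shiji 2016-03-28 11:28:55 +08:00
    @tinytub I got one in Gmail a few days ago too; it showed as sent from my mailbox to an unfamiliar QQ mailbox.

    It is a forged sender, but it seems to be constructed in a rather special way, and Gmail did not block it. Hard to believe: SPF had already failed, and it is the gmail domain at that, yet Google simply let it through.

    (my-email replaces my address)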

    Delivered-To: [email protected]
    Received: by 10.107.17.148 with SMTP id 20csp212219ior;
    Wed, 23 Mar 2016 13:09:45 -0700 (PDT)
    X-Received: by 10.98.12.8 with SMTP id u8mr6957417pfi.36.1458763785000;
    Wed, 23 Mar 2016 13:09:45 -0700 (PDT)
    Return-Path: <[email protected]>
    Received: from o2.email.thecampaigngroup.us (o2.email.thecampaigngroup.us. [50.31.40.174])
    by mx.google.com with ESMTPS id sk6si6417210pab.138.2016.03.23.13.09.44
    for <[email protected]>
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Wed, 23 Mar 2016 13:09:44 -0700 (PDT)
    Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 50.31.40.174 as permitted sender) client-ip=50.31.40.174;
    Authentication-Results: mx.google.com;
    dkim=pass [email protected];
    dkim=pass [email protected];
    spf=softfail (google.com: domain of transitioning [email protected] does not designate 50.31.40.174 as permitted sender) [email protected];
    dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
    DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;
    d=email.speakcreative.com;
    h=mime-version:from:to:subject:content-type; s=smtpapi;
    bh=z/5L23sL7pUaJKlQ1WG11OncYxg=; b=EkoMYFf38/tXk9ZERpcTvpnK12iEM
    j6mmv9YsJitUTzCHW3zmHjq2LPFh4M08ki++DIuYo9uUX0bGaIcJDXj3PnSvpbCa
    lYJDKDx5AVFwz2aLPAsO+G2lTTRLwx+XUodod3hQ3cIfuDeTFdUg3wNca9tuSJg5
    kIYgRul2zq8plA=
    DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sendgrid.info;
    h=mime-version:from:to:subject:content-type:x-feedback-id;
    s=smtpapi; bh=z/5L23sL7pUaJKlQ1WG11OncYxg=; b=NDCY1F/zjp46HbopbT
    ZCywWqSpqIYn8bFOZKRXWLt8sb6X+jeF9o0OmSr6Wn4gbkS6C8p0/wTqi1RboV/1
    fXWAUyQVhrtIsvmcqyMqiER0T+O7xeYj9lewKZYovG6+5KBaf1hejmRRnLjwW1oc
    89ERZhA4d2fOLWtRpwRR6ybd8=
    Received: by filter0202p1las1.sendgrid.net with SMTP id filter0202p1las1.1085.56F2F80634
    2016-03-23 20:09:42.399974044 +0000 UTC
    Received: from 689835-web1 (unknown [104.130.151.53])
    by ismtpd0008p1las1.sendgrid.net (SG) with ESMTP id O2tErYSNR52WS_MKTxc65w
    Wed, 23 Mar 2016 20:09:42.702 +0000 (UTC)
    MIME-Version: 1.0
    From: [email protected]
    To: [email protected]
    Date: 23 Mar 2016 15:09:42 -0500
    Subject: Take a look at this product!
    Message-ID: <[email protected]>
    Content-type: multipart/alternative; boundary="----------=_1458763782-12657-739"
    X-SG-EID: fL13WeLYEFVuuhzdB70o+aMdsukxmjYDsEyA1I7Olj5+g5+w/62nD50bwSvWuITrtS3HlPYFxtIwGY
    ZAs7Uyf1VMztlyD8n0Aa99wUJVHBYfb1CaCzx59jf6jUd+TMQWPgiwjck96DrHOL33CLD/bqtS73jM
    aDP0UKG1EuTSaxdfDfMpaKjTIi6sgboHnGID
    X-Feedback-ID: 144955:ho2M5bVLhY9tp+jt9EgROzbTH+tO8ZD0fRL9/S64Cfo=:ho2M5bVLhY9tp+jt9EgROzbTH+tO8ZD0fRL9/S64Cfo=:SG

    This is a multi-part message in MIME format...
    (a pile of base64)


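    Subject: Take a look at this product!
    Text content:

    MG electronic games: register and get a free 18 bonus

    MG electronic games: register and get a free 18 bonus. Login portal: [some website]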

    -yushezhuo

    #3 jadecoder 2016-03-28 11:34:33 +08:00
    That's a bit odd. Even for mail from other providers, there is DMARC now to prevent sender forgery. I feel it shouldn't be possible to forge Gmail's own sender address.

    #4 tinytub (OP) 2016-03-28 11:49:05 +08:00
    Is there any other information from the received emails I should check to determine whether this is a forged sender?

    #5 xiaoz 2016-03-28 12:12:51 +08:00 via iPhone
    We've been getting quite a few reports from customers lately as well. It seems SPF records aren't doing much anymore?

    #6 shippo7 2016-03-28 12:47:11 +08:00
    It's just a forged sender, nothing to worry about.
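
    #7 msg7086 2016-03-28 13:14:52 +08:00
    It's just a forged sender.
    As for why it was let through: sometimes mail really is sent on someone else's behalf.
    For example, if you signed up for some social networking site with your Gmail account, that site may send email in your name (to others or to yourself). There are legitimate uses for this, so it is not banned by default. But if a sender keeps relaying junk mail this way, it will still get banned quickly in the end.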
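
Added example, not written by any participant in this thread: a small Python check for the question in reply #4, reading a message's `Authentication-Results` header the way the dump in reply #2 can be read. It shows why two `dkim=pass` results do not vouch for a `gmail.com` From address when the signing domains are unrelated to it. The sample message, its domains and the function names are constructed for illustration, and the alignment test is a simplification of DMARC's organizational-domain comparison.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers in reply #2; domains, IP and
# addresses are placeholders, not values from the thread.
SAMPLE = """\
Authentication-Results: mx.google.com;
       dkim=pass header.i=@mailer.example;
       dkim=pass header.i=@esp.example;
       spf=softfail (google.com: domain of transitioning bounce@esp.example
        does not designate 203.0.113.7 as permitted sender)
        smtp.mailfrom=bounce@esp.example;
       dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
From: someone@gmail.com
Subject: constructed sample

body
"""

def aligned(domain, from_domain):
    # Simplified relaxed alignment: equal, or one is a subdomain of the other.
    # Real DMARC compares organizational domains using the Public Suffix List.
    a, b = sorted((domain.lower(), from_domain.lower()), key=len)
    return "." in a and (a == b or b.endswith("." + a))

def analyze(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2]
    ar = " ".join((msg["Authentication-Results"] or "").split())
    dom = r"=(?:[^@\s;]*@)?([\w.-]+)"  # accepts "@d", "user@d" or bare "d"
    dkim = re.findall(r"\bdkim=(\w+)[^;]*?header\.[id]" + dom, ar)
    spf = re.search(r"\bspf=(\w+)(?:[^;]*?smtp\.mailfrom" + dom + ")?", ar)
    dmarc = re.search(r"\bdmarc=(\w+)(?:\s*\(p=(\w+))?", ar)
    # Only a *passing* check on a domain aligned with From: vouches for it.
    dkim_ok = [d for res, d in dkim if res == "pass" and aligned(d, from_domain)]
    spf_ok = bool(spf and spf.group(1) == "pass" and spf.group(2)
                  and aligned(spf.group(2), from_domain))
    return {
        "from_domain": from_domain,
        "dkim_passing_domains": [d for res, d in dkim if res == "pass"],
        "from_authenticated": bool(dkim_ok) or spf_ok,
        "dmarc": dmarc.group(1) if dmarc else None,
        # p= is the policy published by the From domain; "none" asks the
        # receiver to take no action on failure, so the mail is delivered.
        "policy": (dmarc.group(2) or "").lower() or None if dmarc else None,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A result with `from_authenticated` false means nothing in the message proves it came from the From domain, which points to a forged or third-party sender rather than a compromised account.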