email support

thanks Gondola, sorry about delay i had already deleted the spoofed emails but another came through pretending to be from one of my talktalk email email addresses this morning, so the information i have for you is:

Return-Path: <hey_sodswko@crypto.11thcircle.com>

Received: (envelope-from <hey_sodswko@crypto.11thcircle.com>) there is also their ip and some imap info and other tech stuff in this area

From: my email only showed when double clicking the email they also spoofed the properties from the basic email - not getting involved in IT like i used to i forgot how easy this was to do and check via View Source email header, so thanks again for that you have helped so many times in the past under my other dazza name really appreciate it - also my fault i had to create another dazza as i forgot i already had an account via another talktalk email address!!

so some of the From: info 

Received: from mx.tt.xion.oxcs.net ([10.93.2.3])

               by imap-director-8.dovecot.shared.ns.xion.oxcs.net with LMTP

               id 6PBXH0rSCGbHRwAAFvMZzQ

               (envelope-from <hey_sodswko@crypto.11thcircle.com>)

if there is anything above that identifies me please delete it - i dont think there is but i am a little out of touch with these things now - if you want more info from the View Source email header let me know and i will check on next one that comes through as i will delete this one after i forward it to phishing@talktalk.co.uk

my email address appears in the for: part also X-Delivered-To: - there is a lot of other stuff but i guess talktalk phishing guys will view that when i send it to them

cheers

dazza

I think they will be filtered out because from what I've seen the senders are not authenticated.

Have a look at the View Source email header and let me know what's on the 3 lines that start:

Return-Path: don't post your own email address but indicate if that is shown by *****my email*****

Received: just the part in brackets that is like (envelope-from <email address>)

From: don't post your own email address but indicate if that is shown by *****my email*****

And please do forward the email to phishing@talktalk.co.uk so that TalkTalk Security can take a look.

Thanks Gondola, it has now spread to a second talktalk email address - as you know I use outlook at home rather than TT webmail but as worried I did actually login to one spoofed email and noted that there was nothing in the sent items which puts my mind at rest a bit, but always vigilent as so many criminals out there mainly organised crime groups.

However what I dont get is how the spoofed address can also be in the email sender properties not just as a spoof as a sender although thinking about it I think I am realising as I type this, but any insight you can give would be helpful, these emails are the usual garbage you know account expired must renew immediately, offers from people I never use or will use, mysterious shein prizes or you won a competition you never entered etc obviously trying to panic people and play on their greed - same old really.

Is there anyway talktalk can filter these out, the subjects and message bodies are pretty obvious? Obviously never click on anything and my opinion is dont even open them.

thanks again

dazza