Educause Security Discussion mailing list archives
Re: Odd (to me)email info
From: Jeremy Mooney <j-mooney () BETHEL EDU>
Date: Mon, 11 May 2009 17:46:50 -0500
Michael Fox wrote on 5/11/09 17:00 :
I have been asked to look at some emails and while I was looking at them (text mode) I saw the following in the body: Date: Fri, 1 May 2009 13:29:47 -0400 From:X <X () georgiasouthern edu<http://us.mc455.mail.yahoo.com/mc/compose?to=X () georgiasouthern edu> To:Y () gmail com<http://us.mc455.mail.yahoo.com/mc/compose?to=Y () gmail com> Cc:Z <Z () georgiasouthern edu<http://us.mc455.mail.yahoo.com/mc/compose?to=Z () georgiasouthern edu> Where X,Y, and Z are three different email accounts. When the email is viewed as HTML it just shows the 3 different email accounts. X () georgiasouthern edu, Y () gmail com, etc. What does the us.mc455.mail.yahoo.com... mean with the local email domain and gmail domain attached? These are not in the headers, they are in the body of the email. I've googled it but can't find anything that tells me what it is. Any help in determining what this means would be greatly appreciated.
My guess would be the message was forwarded using the yahoo webmail interface, and it inappropriately included the display-side content intended for use by the person who had been viewing the message (us.mc455.mail.yahoo.com was the webmail frontend host for the session, and the link is intended to allow the user to click to compose a new message to that address). This is a guess as I don't have much experience with yahoo's webmail, but I have seen similar types of links leak out of Exchange when messages are forwarded. -- Jeremy Mooney ITS - Bethel University GPG: 1024D / B151 29F4 3281 0F3A 1403 88A8 6493 D78F 4245 D7F5
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Odd (to me)email info Michael Fox (May 11)
- <Possible follow-ups>
- Re: Odd (to me)email info Jeremy Mooney (May 11)