On 20190713 16:29:20, home user via users wrote:
(Tony Nelson said)
> [snip]
>
> Look at the message header. (View Source is a good way,
> as it will be exact.) The first Received: line and any
> lines before it come from your email provider, who is
> mostly to be trusted, though anyone can make mistakes.
> If that line says the "from" is reasonable,

I attached the full message with line numbers added to help discussion, and with
private parts replaced with "[private]". You are referring to line 31, not line
7, right? I don't see anything there saying/implying the "from" is reasonable.

> look at the lines up to and including the next
> Received: line and loop, otherwise stop, it's spam.

You're referring to line 33, right?
I don't understand what you mean by "line and loop".

The main thing troubling me is that the message claims to come from a gmail
address, but it's sent from Yahoo Mail. How is that possible?

thanks,
Bill.
spoofheader.txt
1 X-Apparently-To: [private]; Sat, 13 Jul 2019 21:33:09 +0000
2 Return-Path: <[private]>
3 Authentication-Results: mta4406.mail.ne1.yahoo.com;
4 dkim=pass (ok) header.i=@gmail.com header.s=20161025;
5 spf=pass smtp.mailfrom=@gmail.com;
6 dmarc=pass(p=none sp=quarantine dis=none) header.from=gmail.com;
7 Received-SPF: pass (domain of gmail.com designates 209.85.166.41 as permitted sender)
30 X-Originating-IP: [209.85.166.41]
31 Received: from 127.0.0.1 (EHLO mail-io1-f41.google.com) (209.85.166.41)
32 by mta4406.mail.ne1.yahoo.com with SMTPS; Sat, 13 Jul 2019 21:33:09 +0000
33 Received: by mail-io1-f41.google.com with SMTP id k8so27923627iot.1;
34 Sat, 13 Jul 2019 14:33:09 -0700 (PDT)
35 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
36 d=gmail.com; s=20161025;
37 h=date:from:reply-to:to:message-id:subject:mime-version:references;
38 bh=MgkjHii2ksvTjACY0qnqI3YCoTu9q9HsYjhT+2mleGw=;
39 b=QTBD19oaeu7t5qGDN2Tm/JEIccMRvh9+kwxLbhjDNh0auWHq58VPxTlRBVVuKWtpDD
40 g0eGmTLB74eCSkKj3UooCw46WfD0lEIFgt0Bg0WR7fIqqOtCgKqjDllKZVsslHM4MGxK
41 kq+aCIEsUVS2MDIoBqYmuwa+NaGpcl0j+VRqOgF0Ftmq8X5ya8yI+Fj33jugeMdMwyfT
42 97hiZunVJ/UDHNgJOgf0WFrApWVBiJnP2kudJGrTKlL2ooV58OxlLtaRw27wBJbrR5Lg
43 xqtlZb14gbk1MK/0gkRP9SfXCr2sWgg6nZWXa0k1G7MQpv8EzLeLudHleYxzK45Z2git
44 OiqQ==
45 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
46 d=1e100.net; s=20161025;
47 h=x-gm-message-state:date:from:reply-to:to:message-id:subject
48 :mime-version:references;
49 bh=MgkjHii2ksvTjACY0qnqI3YCoTu9q9HsYjhT+2mleGw=;
50 b=PsYXrRGycP3WDRvhunmjg0E1vCMI83JKy7XzgDGRuUKZVIL/IrYzjnans9AEamkhyL
51 5foQFF1xnmPe2ES31P1VFGDWnZUjlT9L+yGkxZsN8erHPHkOnASWtjPDbl5U3qzNve/s
52 3+91vMQKDZWFRNLPoqFHxyJEicmxHHSkLV+qiyVfzhNHUjQnkzaP8MQ1pXMR+ct3oEcF
53 23i+esUsdIAqC7AAJKQvQ4uM2MrVDCQxnlkmhqNaGWiKXHuv0CCLBs2ZXYKr6JpD4UeJ
54 FeFTmWhSpqorjpOo4v2KboO29ZU7BbrzxvPZwHH7oc+lX1MNth2ORa9JQHLlMVJPjdem
55 DoEw==
56 X-Gm-Message-State: APjAAAUieN/NT/7bCGWoOCM7p0nun2dENZf7WZrsTjn7e7JiNSaAQQ46
57 X+4+o9+krEqnlaDFkXSNKTHbhkfD
58 X-Google-Smtp-Source: APXvYqxNOZUf94JAPxPHigDL21gIoXISKHQ4MHaZ+KA1x45IsuDXHevxMaE5RfBSUn/DcRe8IdhLiw==
59 X-Received: by 2002:a5d:9b1a:: with SMTP id y26mr17672471ion.238.1563053588544;
60 Sat, 13 Jul 2019 14:33:08 -0700 (PDT)
61 Return-Path: <[private]>
62 Received: from sonic316-12.consmr.mail.bf2.yahoo.com (sonic316-12.consmr.mail.bf2.yahoo.com. [74.6.130.122])
63 by smtp.gmail.com with ESMTPSA id z26sm13199729ioi.85.2019.07.13.14.33.07
64 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
65 Sat, 13 Jul 2019 14:33:07 -0700 (PDT)
84 Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.bf2.yahoo.com with HTTP; Sat, 13 Jul 2019 21:33:07 +0000
85 Date: Sat, 13 Jul 2019 21:33:02 +0000 (UTC)
86 From: "[private]" <[private]>
87 Reply-To: "[private]" <[private]>
88 To: [private] <[private]>, [private] <[private]>
89 Message-ID: <1006046679.433253.1563053582396@xxxxxxxxxxxxxx>
90 Subject: [private]
91 MIME-Version: 1.0
92 Content-Type: multipart/alternative;
93 boundary="----=_Part_433252_1220207963.1563053582396"
94 References: <1006046679.433253.1563053582396.ref@xxxxxxxxxxxxxx>
95 X-Mailer: WebService/1.1.13991 YahooMailAndroidMobile YMobile/1.0 (com.yahoo.mobile.client.android.mail/5.40.2; Android/8.0.0; R16NW; j7topltetmo; samsung; SM-J737T; 5.46; 1280x720;)
96 Content-Length: 948
97
98 ------=_Part_433252_1220207963.1563053582396
99 Content-Type: text/plain; charset=UTF-8
100 Content-Transfer-Encoding: quoted-printable
101
102 [private]
103 [private]
104
105 Sent from Yahoo Mail on Android
106 ------=_Part_433252_1220207963.1563053582396
107 Content-Type: text/html; charset=UTF-8
108 Content-Transfer-Encoding: 7bit
109
110 [private]<br><br><div id="ymail_android_signature"><a id="ymail_android_signature_link" href="https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature">Sent from Yahoo Mail on Android</a></div>
111 ------=_Part_433252_1220207963.1563053582396--

At a quick glance the email itself probably flowed from a yahoo sender to your
gmail account. This portion of the bottom of the message bothers me:
href="https://go.onelink.me....

You erased one of the more important clues for legitimacy. Do the "Reply-To:"
and "From:" headers make sense when considered together?

I note that "anyone" (or any sufficiently clever robot) can create a yahoo
account and send at least a few emails. So if the email was unexpected and/or
from somebody you do not know it is right to question it. Does the "From:" make
sense considering the contents? There is no way I can tell. You even blanked the
subject. If it was a "your bank account has been compromised" email sent through
Yahoo, why are you asking here about legitimacy of such a monstrosity? And if
there is ANY question about the email and it is asking you to forward money "to
your boss vacationing in Mexico" faghedaboudit. Use some thinking. And if you
must worry about this send email back, gritting your teeth over the spamload
this will unleash to a known "good" address, and ask for some information only
you and your boss know. Establish identity beyond question before sacrificing money.

It's not paranoia when "they" really are out to get you but it's not personal,
they will take any sucker they can get. It's prudence that says email is not to
be trusted beyond the value you stand to lose by trusting it.

{^_^} Joanne
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
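
Added example, not part of any message in the thread: a short Python sketch that lists the Received: chain from the attached headers oldest-first and picks out the hop stamped by the recipient's own provider, the one the advice quoted above says to start from. The function names are hypothetical; the sample headers are excerpted from the spoofheader.txt attachment.

```python
import re
from email import message_from_string

# Header lines excerpted from the spoofheader.txt attachment above
# (line numbers and the opaque X-YMail*/DKIM fields left out).
SAMPLE = """\
Authentication-Results: mta4406.mail.ne1.yahoo.com;
 dkim=pass (ok) header.i=@gmail.com header.s=20161025;
 spf=pass smtp.mailfrom=@gmail.com;
 dmarc=pass(p=none sp=quarantine dis=none) header.from=gmail.com;
Received: from 127.0.0.1 (EHLO mail-io1-f41.google.com) (209.85.166.41)
 by mta4406.mail.ne1.yahoo.com with SMTPS; Sat, 13 Jul 2019 21:33:09 +0000
Received: by mail-io1-f41.google.com with SMTP id k8so27923627iot.1;
 Sat, 13 Jul 2019 14:33:09 -0700 (PDT)
Received: from sonic316-12.consmr.mail.bf2.yahoo.com (sonic316-12.consmr.mail.bf2.yahoo.com. [74.6.130.122])
 by smtp.gmail.com with ESMTPSA id z26sm13199729ioi.85.2019.07.13.14.33.07
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sat, 13 Jul 2019 14:33:07 -0700 (PDT)
Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.bf2.yahoo.com with HTTP; Sat, 13 Jul 2019 21:33:07 +0000

"""

# Optional "from <host>", then "by <host> with <protocol>".
HOP = re.compile(r"(?:from\s+(\S+)\s.*?)?\bby\s+(\S+)\s+with\s+(\w+)", re.S)

def received_chain(raw):
    """Return hops oldest-first as (from_host, by_host, protocol)."""
    msg = message_from_string(raw)
    hops = [HOP.match(v.strip()).groups() for v in msg.get_all("Received", [])]
    return hops[::-1]  # each server prepends its line, so the last is oldest

def auth_results(raw):
    """Return (authserv_id, {method: result}) from Authentication-Results."""
    value = message_from_string(raw).get("Authentication-Results", "")
    server = value.split(";", 1)[0].strip()
    return server, dict(re.findall(r"\b(dkim|spf|dmarc)=(\w+)", value))

def provider_hop(raw):
    """The hop stamped by the server that wrote Authentication-Results.
    Only this hop was recorded by the recipient's own provider; older
    hops are claims made by servers further upstream."""
    server, _ = auth_results(raw)
    return next((h for h in received_chain(raw) if h[1] == server), None)

if __name__ == "__main__":
    for n, (src, by, proto) in enumerate(received_chain(SAMPLE), 1):
        print(f"{n}. {src or '(local)'} -> {by} via {proto}")
    print(auth_results(SAMPLE), provider_hop(SAMPLE))
```

The ESMTPSA hop (ESMTP with TLS and SMTP authentication, per RFC 3848) shows smtp.gmail.com accepting an authenticated submission from a Yahoo host, after which Google relays the message to the Yahoo MTA that recorded the dkim/spf/dmarc results.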