I just received 5 emails with the title:
I was logged in, and did not notice until 40 minutes later. I then promptly changed my password and signed out all other accounts. Gmail said there was no other accounts logged in, and did not report any activity on the ip address that sent the mail.
I have the whole header from the delivery failure message. Nothing is in the sent mail. The header:
Is there anything else I should do? How can I figure out how this happened? I always use google with https, and my passwords are salted.
Sent to some random (and some dictionary words) addresses at one domain. Body was some advertisement from "LRWatches", which seems to be some Chinese watch maker with a link to a base website address.Delivery Status Notification (Failure)
I was logged in, and did not notice until 40 minutes later. I then promptly changed my password and signed out all other accounts. Gmail said there was no other accounts logged in, and did not report any activity on the ip address that sent the mail.
I have the whole header from the delivery failure message. Nothing is in the sent mail. The header:
Authed in mexico? Received from china, ip in Dominican Republic?Received: by 10.236.125.130 with SMTP id z2mr26303175yhh.94.1329951863039;
Wed, 22 Feb 2012 15:04:23 -0800 (PST)
Received: by 10.236.125.130 with SMTP id z2mr26303172yhh.94.1329951862986;
Wed, 22 Feb 2012 15:04:22 -0800 (PST)
Return-Path: <[email protected]>
Received: from 236.137.167.190.d.dyn.codetel.net.do ([190.167.137.236])
by mx.google.com with SMTP id c9si26748951qao.50.2012.02.22.15.04.02;
Wed, 22 Feb 2012 15:04:22 -0800 (PST)
Received-SPF: neutral (google.com: 190.167.137.236 is neither permitted nor denied by domain of [email protected]) client-ip=190.167.137.236;
Authentication-Results: mx.google.com; spf=neutral (google.com: 190.167.137.236 is neither permitted nor denied by domain of [email protected]) [email protected]
Received: from c3-ssha-a2529.accounts.china-fpa.org ([190.167.137.236])
(authenticated bits=0)
by smtpa02.isq.pt (smtpa02) with ESMTP id q1MGB7Sd002856
(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
for <[email protected]>; Wed, 22 Feb 2012 18:04:02 -0500
Received: from C3-SSHA-A1090.accounts.china-fpa.org ([190.167.137.236]) by c3-ssha-a2529.accounts.china-fpa.org with Microsoft SMTPSVC(6.0.3790.1830);
Wed, 22 Feb 2012 18:04:02 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----_=_NextPart_001_01CCF17C.B30ACE29"
Subject: Show me the difference
Date: Wed, 22 Feb 2012 18:04:02 -0500
X-ASG-Orig-Subj: Show me the difference
Message-ID: <F6E2B9DD52B5CE4AA37737CAEDED9C60030B9D0A@C3-SSHA-A1090.accounts.china-fpa.org>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: Show me the difference
thread-index: AczxfLI6kKUDtue6RbSbdpUuALwAgA==
From: "LRWatches" <[email protected]>
To: <[email protected]>
Is there anything else I should do? How can I figure out how this happened? I always use google with https, and my passwords are salted.