[SOLVED] Email from Microsoft or not?

Status
Not open for further replies.

yossibac

Commendable
Dec 2, 2021
140
10
1,595
Hi, we keep getting that email. There is no email address to show, so I can't see what email it's coming from.
We sent it to Junk and to Phishing, but it keeps coming back again and again.
I think it might be from Microsoft as we have a subscription.
I have not opened the attachment of course.
Please advise. Thanks.

View: https://imgur.com/a/8aA7nyj


Viewing the email source I can see this (among other things)

From: Billing Administrator: Email address removed for privacy
Microsoft SMTP Server (version=TLS1_2,
Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
outlook.com does not designate 40.95.38.40 as permitted sender
sender IP is 113.30.149.246) smtp.helo=voicestorm.com; dkim=none (message not signed)
 

USAFRet

Titan
Moderator
I know, we don't owe anything, as well as the bank statement, isn't showing anything.
But I don't need those emails arriving to our PC's company hence my inquiries.
You can't prevent them from sending.
You CAN shuffle them off directly into the Spam/junk folder. Or something else "for future review".

Currently, in my junk folder:
I have signed up for CarShield
Welcome to blah blah Family Auto Insurance
Signed up for new life insurance
I won {something} at Lowes
I'm having new windows installed at my house
A 'fedex' package could not be delivered
blah blah blah....
 

Ralston18

Titan
Moderator
And I will add the suggestion to also revamp your email rules.

Only allow emails into the inbox that are from senders who are in your address book. However, you can set up all sorts of filters/rules as necessary.

Send all other emails to a folder of your choice where you can later scan through those emails and ensure that no valid emails got filtered out.

Move those valid emails to the inbox and, if you chose, add the senders to your address book.

Then you can delete the rest of the emails without even opening them.

Or flag for future review.
 

USAFRet

Titan
Moderator
Authentication-Results: i=2; mx.microsoft.com 1; spf=fail (sender ip is
40.95.38.40

At the email source, I searched the IP address 40.95.38.40, and it belongs to Microsoft
Maybe it is legit?
  1. Disregarding this email, what do the people you bought the subscription from say?
  2. The email states the charge was declined. What do your bank records say?

This is junk/spam/scam.
 

DSzymborski

Titan
Moderator
I know, we don't owe anything, as well as the bank statement, isn't showing anything.
But I don't need those emails arriving to our PC's company hence my inquiries.

The only way to avoid these types of emails being sent to you is to get an entire new email address regularly.

Otherwise, the only dependable thing to do is ignore them. Anyone you actually owe money to or who needs you to resolve an issue won't do it solely in the form of a poorly written form letter that reads like it was written by a fifth-grader.
 

DSzymborski

Titan
Moderator
All last 5 posts are valid and appreciated,
We are a locksmith company and can't change the address
We have few engineers that use our PC, so I must be careful
We get emails from all sorts including google via our website.
When you hover your mouse over an email it reveals the address, but not those, and they keep coming.
You can't block an email that doesn't carry an email address, that is my problem.
I can see an email address in the header, but apparently not the online email provider which is "outlook.office.com"
I'm playing with the idea of formatting an old laptop, opening the attachment and see what happens:) I'd like to see if it tells me HaHa you've been hijacked.
Thanks for helping. Joseph.

Unfortunately, there's not much you can do unless your adaptive spam filter catches it and prevents you from seeing it.

There's no practical way to prevent it from reaching you in the first place.
 
All last 5 posts are valid and appreciated,
We are a locksmith company and can't change the address
We have few engineers that use our PC, so I must be careful
We get emails from all sorts including google via our website.
When you hover your mouse over an email it reveals the address, but not those, and they keep coming.
You can't block an email that doesn't carry an email address, that is my problem.
I can see an email address in the header, but apparently not the online email provider which is "outlook.office.com"
I'm playing with the idea of formatting an old laptop, opening the attachment and see what happens:) I'd like to see if it tells me HaHa you've been hijacked.
Thanks for helping. Joseph.
Yes, you most certainly can block them. The "TO:" and "FROM:" fields are not in any way, shape or form used by SMTP for mail delivery. They are placed there by the mail client and are solely for the user. The contents of those fields do not have to contain anything at all pertaining to the message. They can even be blank. There are a multitude of things in the header that cannot be forged (ex. the originating mail server address and the addresses of all servers the mail was relayed through) and can be used to filter mail with a proper client and rules.
 
Solution
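
Added example, not part of any post in this thread: a Python illustration of filtering on what the receiving server recorded (SPF and DKIM verdicts, connecting IP, HELO name) rather than on the displayed From/To text, as the answer above describes. The sample message is constructed from the header fragments quoted in this thread, the From address is a placeholder, and the function names are hypothetical. Only the Authentication-Results header stamped by your own mail provider should be trusted for this.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header fragments quoted in this thread, assembled into one
# message. The From address is a placeholder (the real one was removed for privacy).
RAW = """\
Authentication-Results: spf=fail (sender IP is 113.30.149.246)
 smtp.helo=voicestorm.com; dkim=none (message not signed)
From: Billing Administrator <billing@example.invalid>
Subject: constructed sample

(body omitted)
"""

def auth_verdicts(msg):
    """Collect spf/dkim/dmarc results; the topmost header (added last) wins."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def sender_facts(msg):
    """Pull the connecting IP and HELO name recorded by the receiving server."""
    value = " ".join(msg.get_all("Authentication-Results", []))
    ip = re.search(r"sender ip is ([0-9a-f.:]+)", value, re.I)
    helo = re.search(r"smtp\.helo=([\w.-]+)", value, re.I)
    return (ip.group(1) if ip else None, helo.group(1).lower() if helo else None)

def assess(raw):
    """Decide on server-stamped evidence, not on the displayed From/To text."""
    msg = message_from_string(raw)
    _display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    verdicts = auth_verdicts(msg)
    ip, helo = sender_facts(msg)
    reasons = []
    if verdicts.get("spf") in ("fail", "softfail"):
        reasons.append("spf=" + verdicts["spf"])
    if verdicts.get("dkim", "none") != "pass":
        reasons.append("dkim=" + verdicts.get("dkim", "none"))
    if helo and from_domain and helo != from_domain:
        reasons.append(f"helo {helo} differs from From domain {from_domain}")
    junk = ("spf" in verdicts and verdicts["spf"] != "pass"
            and verdicts.get("dkim", "none") != "pass")
    return {"sender_ip": ip, "helo": helo, "verdicts": verdicts,
            "junk": junk, "reasons": reasons}

if __name__ == "__main__":
    print(assess(RAW))
```

A HELO name that differs from the From domain is recorded as a reason but does not by itself mark the message as junk, since legitimate senders often relay through hosts with other names.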

yossibac

Authentication-Results: i=2; mx.microsoft.com 1; spf=fail (sender ip is
40.95.38.40

At the email source, I searched the IP address 40.95.38.40, and it belongs to Microsoft
Maybe it is legit?
 

yossibac

I know, we don't owe anything, as well as the bank statement, isn't showing anything.
But I don't need those emails arriving to our PC's company hence my inquiries.
 

yossibac

All last 5 posts are valid and appreciated,
We are a locksmith company and can't change the address
We have few engineers that use our PC, so I must be careful
We get emails from all sorts including google via our website.
When you hover your mouse over an email it reveals the address, but not those, and they keep coming.
You can't block an email that doesn't carry an email address, that is my problem.
I can see an email address in the header, but apparently not the online email provider which is "outlook.office.com"
I'm playing with the idea of formatting an old laptop, opening the attachment and see what happens:) I'd like to see if it tells me HaHa you've been hijacked.
Thanks for helping. Joseph.
 

yossibac

Yes, you most certainly can block them. The "TO:" and "FROM:" fields are not in any way, shape or form used by SMTP for mail delivery. They are placed there by the mail client and are solely for the user. The contents of those fields do not have to contain anything at all pertaining to the message. They can even be blank. There are a multitude of things in the header that cannot be forged (ex. the originating mail server address and the addresses of all servers the mail was relayed through) and can be used to filter mail with a proper client and rules.
Taking everything you say here into account, using a header analyser revealed that the email is definitely forged.
View: https://imgur.com/a/Z9UBgYf
 

yossibac

OK, to conclude this thread:
Thank you all for your inputs.
I installed windows 7 on formatted HD on an old Samsung R530 laptop and opened the attachment. By the look of it, the offender is trying to steal the password. See attached.
View: https://imgur.com/a/RvvYBfK


I have a problem with that laptop, but I started a new thread to discuss it.

BTW, sorry, I did not know that selecting the best answer marks the thread SOLVED.
Thanks again.
 