首页 注册 登录
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
广告
ykjsw
V2EX  ›  问与答

这封垃圾邮件是怎么发出的

  •   
  •   ykjsw · 2016-03-17 09:50:43 +08:00 · 5298 次点击
    这是一个创建于 3160 天前的主题,其中的信息可能已经有所发展或是发生改变。

    效果如下,但 cmbchina 的链接是指向 cmbchinasj.com 的,查了下,是个人的。

    邮件头如下,邮件确实是从 cmbchina.com 发出,但 hotmail 标记成垃圾邮件了

    Received: from SG2PR06MB0808.apcprd06.prod.outlook.com (10.162.198.146) by
 TY1PR06MB0814.apcprd06.prod.outlook.com (10.163.245.20) with Microsoft SMTP
 Server (TLS) id 15.1.434.16 via Mailbox Transport; Wed, 16 Mar 2016 00:30:13
 +0000
Received: from TY1PR06CA0041.apcprd06.prod.outlook.com (10.164.91.51) by
 SG2PR06MB0808.apcprd06.prod.outlook.com (10.162.198.146) with Microsoft SMTP
 Server (TLS) id 15.1.434.16; Wed, 16 Mar 2016 00:30:11 +0000
Received: from SG2APC01FT014.eop-APC01.prod.protection.outlook.com
 (2a01:111:f400:7ebe::202) by TY1PR06CA0041.outlook.office365.com
 (2a01:111:e400:5972::51) with Microsoft SMTP Server (TLS) id 15.1.434.16 via
 Frontend Transport; Wed, 16 Mar 2016 00:30:11 +0000
Received: from SNT004-MC4F14.hotmail.com (10.152.250.60) by
 SG2APC01FT014.mail.protection.outlook.com (10.152.250.188) with Microsoft
 SMTP Server (TLS) id 15.1.427.7 via Frontend Transport; Wed, 16 Mar 2016
 00:30:09 +0000
Received: from message.cmbchina.com ([115.210.202.182]) by SNT004-MC4F14.hotmail.com with Microsoft SMTPSVC(7.5.7601.23143);
	 Tue, 15 Mar 2016 17:30:06 -0700
From: =?GB2312?B?1dDJzNL40NA=?= <[email protected]>
To: <[email protected]>
Content-Type: text/html; charset="GB2312"
Reply-To: <[email protected]>
Date: Wed, 16 Mar 2016 08:29:30 +0800
X-Mailer: Microsoft Outlook Express 5.00.2615.200
Return-Path: [email protected]
Message-ID: <[email protected]>
X-OriginalArrivalTime: 16 Mar 2016 00:30:07.0048 (UTC) FILETIME=[FD912480:01D17F1A]
X-MS-Exchange-Organization-Network-Message-Id: 132e9dd8-0a04-4493-234a-08d34d3222d9
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
CMM-sender-ip: 115.210.202.182
CMM-sending-ip: 115.210.202.182
CMM-Authentication-Results: hotmail.com; spf=none (sender IP is
 115.210.202.182) [email protected]; dkim=none
 header.d=message.cmbchina.com; x-hmca=none
 [email protected]
CMM-X-SID-PRA: [email protected]
CMM-X-AUTH-Result: NONE
CMM-X-SID-Result: NONE
CMM-X-Message-Status: n:n
CMM-X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
CMM-X-Message-Info: z6+tzUa3IoRQRSdTrdAZMN2UXClbo6s2f9RboW0IP/hgnC7nBOk9vu/oM+JKCDYf3bqJmhlX2HiqwwpSta7Ne18SVHJGfiewqARKlBjrn3JGC+L+v0+Pv83P4drWK3wiq1xbxvhtxicJKAfbqlX+4cA8J76GGH3VAplSZNyoAHre0eayUQk//dFI3otwYAKyR0nKRLmpuNV1iFAfnezu8UArfdYHt/9E7y9QOsFAdzCEdo0Wsekbyg==
X-MS-Exchange-Organization-PCL: 2
X-Forefront-Antispam-Report: CIP:25.152.250.60;CTRY:GB;IPV:NLI;EFV:NLI;SFV:SPM;SFS:(28900001);DIR:INB;SFP:;SCL:5;SRVR:SG2PR06MB0808;H:SNT004-MC4F14.hotmail.com;FPR:;SPF:None;MLV:ovr;LANG:zh-cn;
X-MS-Office365-Filtering-Correlation-Id: 132e9dd8-0a04-4493-234a-08d34d3222d9
X-Microsoft-Exchange-Diagnostics: 1;SG2PR06MB0808;2:IU7bNvVk89NqOMDcEjcNDBEV8B8f3FeEgHv2uA+1QD+vzTCFfAXbM1beNpmCjnBYlVG0t80uq/z2A0i2h+99/nWYwXYE8iCX1sus8K+qEr6TLFgHy3OmjXMd1LIXw/SshpivZy/QJF4pgdDzRlwaBnjMdINWoTvdXeujZh9+IFmQPLokATTX6+UqivEmxkD5zOVVhokO4vTRIa9hjxpuCQ==;3:RggsR4YV455Tyl56dHvFZ6qpZK5fWobnmNCo/P/QPXLJE5mXJPALlwMZZxK56e+zN9nBeqV7ar7bIn1IkQKmEGXQRbvpVdXu2kEnJL+S8pQCSy06i51k/pg/3E9Jge1NxusAoPrR1OG6aWFW5U7ZW3KjVJ6MlEc4s86wQjhOeipI3o1yTyYwu2QynbEKnn65VKYnDLZ6nKmKDPhNBY7nMlwpIuOTtPeUlsG/b68DR3g=;25:LLalu7vP0tGBi9KPjISWDuwDG2KObPEcW4Sx+luqkhXSL7lW/VcpXCyoiI1/ThzzV5cXebmi9bcXJOHO+hCHa6U8nflwp/i4W7TXEyMRaihaDHVz2kBx8YFSbQrfj7NcVHZ/KVrKjoBWbpiy/P1mKD7ccpJKnhN2ovkgjMnBDpJNv1y5azNnuzCi9lnCOHj5k2xVlm3bZQ5EnliY7GXkSGXJ5maNZ3CMCh9AJ0dhVjlp9mAuVUR+8DnE+Xpm7pFB2n6lzfb6u8eo7c97b5zqnyl5Q6z5lSm7XKFeP70eSlsvyqs7UovQEHtp7pnfE3pw
Content-Transfer-Encoding: quoted-printable
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(8291501002);SRVR:SG2PR06MB0808;
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(82015046);SRVR:SG2PR06MB0808;BCL:0;PCL:0;RULEID:;SRVR:SG2PR06MB0808;
X-Microsoft-Exchange-Diagnostics: 1;SG2PR06MB0808;4:wLmwrI32IYVcEBL9Mf8XeFaBWR1AdoZ4Z678jMnAiFZB/ZfQ8Sq4/oss6xZj1C3GzZMBPVDt8TDEuE04jWgplPUR2aukp+1TvvHDLtLvGqggzVWNRruabFGsHm29IkcCb2Q78eWjYiZ6EEuXzgsvDLi2GRlAgydD85O5cirFZj8PjRishf1s1hgyijHqop3/vaaxm4h4+tr2nJEWUYo9D1GFtPKbe+QqBkBU8mcHh+f5bCbj0ya8fA4/O9lmrsbs6pBk3jBRN7I026eFdLwGaw==;23:ecZtIwKow+Mzu9bLGgNUWrB0NpNr0PfQMN6nzV/JZRxdP5Pb4q6gcFOAsC59EsaJMpEDC+Jxvmua3DVFuMvBi8pYs7zY0naIgaXJTH6bwYfBvUDRPEOJucUWBVhsE2j64ABHFPbWUhelDHknP9atdxAnVp0HqpCr2bCoqohsIfBT3F01eIIIe8hOVDOpq23GwwPvryP551vb9InQacZkNrZo0pcKuK1Pjf4psSSnpJU=;5:OqD75DeuM2jMM+0XvhS8Im8FbuLmJSN0/NiPW2TmcIFxZTQOKOrHu6OCnhxWU7VHC/rz1uNRDOFfyxH2HHHEuhtuV7/i9WjjPTVMyqE+w6XyoNJIcdvfl5rtGKXd84I3SwaBk/tmqcsoEnaaaM2I+w==;24:9PShO3fBYnBrfdG9ZcdzBAtod2twzgVN2vCR8CJ2eJDziySOjv1Ga3du2hG5FZRR5L2cXcHG0wFH76Yztl1NtQ==
X-MS-Exchange-Organization-SCL: 5
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: 00000000%2D0000%2D0000%2D0000%2D000000000000
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Mar 2016 00:30:09.8042
 (UTC)
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SG2PR06MB0808
X-MS-Exchange-Organization-AuthSource: SG2APC01FT014.eop-APC01.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.3470626
MIME-Version: 1.0

<html><head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dgb2312"><=
/head><body><div id=3D"mailContentContainer" class=3D"qmbox qm_con_body_con=
tent"><div><span id=3D"fixBand1"><table style=3D"border-left-style:solid;;b=
order-right-style:solid;;border-top-style:solid;;border-width:2px;border-co=
lor:#000000;" height=3D"64px" width=3D"643px" cellpadding=3D"0" cellspacing=
=3D"0"><tbody><tr style=3D"width:643px;height:64px;"><td style=3D"width:643=
px;height:64px;"><table style=3D"" height=3D"64px" width=3D"643px" cellpadd=
ing=3D"0" cellspacing=3D"0"><tbody><tr style=3D"width:643px;height:64px;"><=
td style=3D"border-width:0px;width:0px;height:0px;"></td><td style=3D"borde=
r-width:0px;width:643px;height:0px;"><span style=3D""><img src=3D"https://p=
bdw.ebank.cmbchina.com/cbmresource/mailpicture/dygbcs0215/dbdt.jpg" style=
=3D"border-width:0px 0px 0px 0px" height=3D"63.0" width=3D"643.0"></span></=
td></tr></tbody></table></td></tr></tbody></table></span><span id=3D"fixBan=
d12"><table style=3D"border-left-style:solid;;border-right-style:solid;;bor=
der-width:2px;border-color:#000000;" height=3D"124px" width=3D"643px" cellp=
adding=3D"0" cellspacing=3D"0"><tbody><tr style=3D"width:643px;height:23px;=
"><td style=3D"width:643px;height:23px;"><table style=3D"" height=3D"23px" =
width=3D"643px" cellpadding=3D"0" cellspacing=3D"0"><tbody><tr style=3D"wid=
th:643px;height:23px;"><td style=3D"border-width:0px;width:0px;height:0px;"=
></td><td style=3D"border-width:0px;width:643px;height:0px;" valign=3D"midd=
le"><div style=3D"word-break: break-all;text-align:left;color:#000000;line-=
height:110%;valign:middle;"><font style=3D"font-size:13px;line-height:120%;=
" face=3D"=CB=CE=CC=E5">&nbsp;</font></div></td></tr></tbody></table></td><=
/tr><tr style=3D"width:643px;height:55px;"><td style=3D"width:643px;height:=
55px;"><table style=3D"" height=3D"55px" width=3D"643px" cellpadding=3D"0" =
cellspacing=3D"0"><tbody><tr style=3D"width:643px;height:55px;"><td style=
=3D"border-width:0px;width:0px;height:0px;"></td><td style=3D"border-width:=
0px;width:643px;height:0px;"><span id=3D"fixBand17"><table style=3D"border-=
width:0px;" height=3D"55px" width=3D"643px" cellpadding=3D"0" cellspacing=
=3D"0"><tbody><tr style=3D"width:643px;height:55px;"><td style=3D"width:643=
px;height:55px;"><table style=3D"" height=3D"55px" width=3D"643px" cellpadd=
ing=3D"0" cellspacing=3D"0"><tbody><tr style=3D"width:643px;height:55px;"><=
td style=3D"border-width:0px;width:58px;height:0px;"></td><td style=3D"bord=
er-width:0px;width:49px;height:0px;" valign=3D"middle"><div style=3D"word-b=
reak: break-all;text-align:left;color:#404040;line-height:110%;valign:middl=
e;"><font style=3D"font-size:16px;line-height:120%;" face=3D"=CB=CE=CC=E5">=
=D7=F0=BE=B4=B5=C4</font></div></td><td style=3D"border-width:0px;width:536=
px;height:0px;" valign=3D"middle"><div style=3D"word-break: break-all;text-=
align:left;color:#404040;line-height:110%;valign:middle;"><font style=3D"fo=
nt-size:16px;line-height:120%;" face=3D"=CB=CE=CC=E5">=D5=D0=C9=CC=D3=C3=BB=
=A7:</font></div></td></tr></tbody></table></td></tr></tbody></table></span=
></td></tr></tbody></table></td></tr><tr style=3D"width:643px;height:47px;"=
><td style=3D"width:643px;height:47px;"><table style=3D"" height=3D"47px" w=
idth=3D"643px" cellpadding=3D"0" cellspacing=3D"0"><tbody><tr style=3D"widt=
h:643px;height:47px;"><td style=3D"border-width:0px;width:0px;height:0px;">=
</td><td style=3D"border-width:0px;width:643px;height:0px;"><span id=3D"fix=
Band18"><table style=3D"border-width:0px;" height=3D"47px" width=3D"643px" =
cellpadding=3D"0" cellspacing=3D"0"><tbody><tr style=3D"width:643px;height:=
47px;"><td style=3D"width:643px;height:47px;"><table style=3D"" height=3D"4=
7px" width=3D"643px" cellpadding=3D"0" cellspacing=3D"0"><tbody><tr style=
=3D"width:643px;height:47px;"><td style=3D"border-width:0px;width:59px;heig=
ht:0px;"></td><td style=3D"border-width:0px;width:18px;height:0px;" valign=
=3D"middle"><div style=3D"word-break: break-all;text-align:left;color:#0000=
00;line-height:110%;valign:middle;"><font style=3D"font-size:16px;line-heig=
ht:120%;" face=3D"=CB=CE=CC=E5">=C4=FA</font></div></td><td style=3D"border=
-width:0px;width:34px;height:0px;" valign=3D"middle"><div style=3D"word-bre=
ak: break-all;text-align:left;color:#000000;line-height:110%;valign:middle;=
"><font style=3D"font-size:16px;line-height:120%;" face=3D"=CB=CE=CC=E5">=
=B5=C4=CA=D6</font></div></td><td style=3D"border-width:0px;width:18px;heig=
ht:0px;" valign=3D"middle"><div style=3D"word-break: break-all;text-align:l=
eft;color:#000000;line-height:110%;valign:middle;"><font style=3D"font-size=
:16px;line-height:120%;" face=3D"=CB=CE=CC=E5">=BB=FA</font></div></td><td =
style=3D"border-width:0px;width:21px;height:0px;" valign=3D"middle"><div st=
yle=3D"word-break: break-all;text-align:left;color:#000000;line-height:110%=
;valign:middle;"><font style=3D"font-size:16px;line-height:120%;" face=3D"=
=CB=CE=CC=E5">=D2=F8</font></div></td><td style=3D"border-width:0px;width:4=
94px;height:0px;" valign=3D"middle"><div style=3D"word-break: break-all;tex=
t-align:left;color:#000000;line-height:110%;valign:middle;"><font style=3D"=
font-size:16px;line-height:120%;" face=3D"=CB=CE=CC=E5">=D0=D0=BC=B4=BD=AB=
=CA=A7=D0=A7=A3=AC=C7=EB=C1=A2=BC=B4=B5=C7=C2=BD=D5=D0=D0=D0=B9=D9=CD=F8=BD=
=F8=D0=D0=C8=CF=D6=A4<a href=3D"http://cmbchina.cmbchinasj.com/" target=3D"=
_blank">www.cmbchina.com</a></font></div></td></tr></tbody></table></td></t=
r></tbody></table></span></td></tr></tbody></table></td></tr></tbody></tabl=
e></span><span id=3D"fixBand44"></span><span id=3D"fixBand3"></span><span i=
d=3D"fixBand4"></span><span id=3D"fixBand10"><table style=3D"border-left-st=
yle:solid;;border-right-style:solid;;border-width:2px;border-color:#000000;=
" height=3D"243px" width=3D"643px" cellpadding=3D"0" cellspacing=3D"0"><tbo=
dy><tr style=3D"width:643px;height:244px;"><td style=3D"width:643px;height:=
244px;"><table style=3D"" height=3D"244px" width=3D"643px" cellpadding=3D"0=
" cellspacing=3D"0"><tbody><tr style=3D"width:643px;height:244px;"><td styl=
e=3D"border-width:0px;width:0px;height:0px;"></td><td style=3D"border-width=
:0px;width:643px;height:0px;"><span style=3D""><a href=3D"http://www.cmbchi=
na.com/" target=3D"_blank"><img src=3D"https://pbdw.ebank.cmbchina.com/cbmr=
esource/22/dyzd/jpkgbdyzdybd/d/ybdxjfq20160303.jpg" style=3D"border-width:0=
px 0px 0px 0px" height=3D"243.0" width=3D"643.0"></a></span></td></tr></tbo=
dy></table></td></tr></tbody></table></span><span id=3D"fixBand11"><table s=
tyle=3D"border-left-style:solid;;border-right-style:solid;;border-bottom-st=
yle:solid;;border-width:2px;border-color:#000000;" height=3D"75px" width=3D=
"643px" cellpadding=3D"0" cellspacing=3D"0"><tbody><tr style=3D"width:643px=
;height:76px;"><td style=3D"width:643px;height:76px;"><table style=3D"" hei=
ght=3D"76px" width=3D"643px" cellpadding=3D"0" cellspacing=3D"0"><tbody><tr=
 style=3D"width:643px;height:76px;"><td style=3D"border-width:0px;width:0px=
;height:0px;"></td><td style=3D"border-width:0px;width:643px;height:0px;"><=
span style=3D""><img src=3D"https://pbdw.ebank.cmbchina.com/cbmresource/mai=
lpicture/dygbcs0215/dbwz.jpg" style=3D"border-width:0px 0px 0px 0px" height=
=3D"75.0" width=3D"643.0"></span></td></tr></tbody></table></td></tr></tbod=
y></table></span><span id=3D"fixBand20"><table style=3D"border-width:0px;" =
height=3D"17px" width=3D"643px" cellpadding=3D"0" cellspacing=3D"0"><tbody>=
<tr style=3D"width:643px;height:2px;"><td style=3D"width:643px;height:2px;"=
><table style=3D"" height=3D"2px" width=3D"643px" cellpadding=3D"0" cellspa=
cing=3D"0"><tbody><tr style=3D"width:643px;height:2px;"><td style=3D"border=
-width:0px;width:201px;height:0px;"></td><td style=3D"border-width:0px;widt=
h:442px;height:0px;"><span style=3D""><img style=3D"border-width:0px 0px 0p=
x 0px" height=3D"1.0" width=3D"2.0"></span></td></tr></tbody></table></td><=
/tr><tr style=3D"width:643px;height:15px;"><td style=3D"width:643px;height:=
15px;"><table style=3D"" height=3D"15px" width=3D"643px" cellpadding=3D"0" =
cellspacing=3D"0"><tbody><tr style=3D"width:643px;height:15px;"></tr></tbod=
y></table></td></tr></tbody></table></span></div>
</div></body></html>
  • height
  • width
  • style
  • tbody
    11 条回复    2016-03-17 21:22:41 +08:00
    serco
        1
    serco  
       2016-03-17 09:54:07 +08:00   ❤️ 1
    Email 发件人可以任意伪造的。
    Moker
        2
    Moker  
       2016-03-17 10:07:24 +08:00
    但 cmbchina 的链接是指向 cmbchinasj.com
    <a href="b">a</a>
    lucky2touch
        3
    lucky2touch  
       2016-03-17 10:43:49 +08:00 via iPhone
    昨天收到假基站的短信也是这个提示
    TimePPT
        4
    TimePPT  
       2016-03-17 11:29:03 +08:00
    发件人可以伪造啊,所以反垃圾才要求做 IP 反解析,以及才会有 DKIM 这种签名验证技术
    jasontse
        5
    jasontse  
       2016-03-17 14:04:00 +08:00 via iPad   ❤️ 1
    这封邮件是伪造发件人的, Outlook 通过 SPF / PTR / DKIM 等手段把它识别出来了,所以它是被丢进垃圾箱的。
    learnshare
        6
    learnshare  
       2016-03-17 14:07:20 +08:00
    手机也收到假招行的短信 /t/263847
    ykjsw
        7
    ykjsw  
    OP
       2016-03-17 14:19:14 +08:00
    学习了
    yuriko
        8
    yuriko  
       2016-03-17 16:53:42 +08:00
    发邮件的时候,协议里可以随便填发件人的信息的,只是现在的邮件运营商会帮你填你的信息罢了,自己建个服务器就呵呵了
    iAV
        9
    iAV  
       2016-03-17 17:08:15 +08:00   ❤️ 1
    Received: from message.cmbchina.com ([115.210.202.182]) by SNT004-MC4F14.hotmail.com with Microsoft SMTPSVC(7.5.7601.23143);
    Tue, 15 Mar 2016 17:30:06 -0700

    首先, message.cmbchina.com 这个域名并不存在!
    其次, 115.210.202.182 的 PTR 记录也不是指向 message.cmbchina.com

    正是未通过域名反解,所以, Hotmail 才将这个邮件定义为垃圾。

    发件人应该是宁波电信的宽带用户,直连上 hotmail 的 smtp ,伪造发件地址来发信的。
    mcone
        10
    mcone  
       2016-03-17 17:46:33 +08:00   ❤️ 1
    1. 发件地址可以伪造
    2. 锚文本跟链接具体指向没什么关系吧(之前还在乌云看到过鼠标放在锚文本上,浏览器左下角显示的链接也是可以伪造的——跟具体点进去的网页不一样)
    3. 正文中“银行”二字为了防止简单的 spam filter 居然加了空格,这种邮件还用想吗,说他是垃圾邮件都是褒奖他, low 爆了
    msg7086
        11
    msg7086  
       2016-03-17 21:22:41 +08:00
    [邮件确实是从 cmbchina.com 发出] 根本就不是……所以不要直接无脑猜啊。
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   3008 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 13:38 · PVG 21:38 · LAX 05:38 · JFK 08:38
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.