这是一个创建于 1094 天前的主题,其中的信息可能已经有所发展或是发生改变。
现在是我有俩个邮箱,1 个是 outlook 的邮箱登陆方式为微软令牌,还有一个是 qq 邮箱,设置登陆方式为 qq 扫码或者手机短信,今天出了一个离奇的事件,qq 的这个邮箱收到了来自 outlook 那个邮箱的邮件,但是是由 [email protected] 代发的,我并没有发这个邮件,也并不清楚这个代发邮件的地址,请问是哪里出了问题,明明俩端我都是两步验证,安全性理论上应该没问题啊
Received: from bta1131.secure.jp (bta1131.secure.jp [27.34.138.240])
by newxmmxszc24.qq.com (NewMX) with SMTP id 5F63587B
for <MyQQMail>; Tue, 16 Nov 2021 15:23:54 +0800
X-QQ-mid: xmmxszc24t1637047434tmpmx1vxc
X-QQ-XMAILINFO: NaX+CegJ7TiCinZ0brxqhIKio92e3yyv1peTrBAJibzS8EaTIoy3N770vpWZih
QR4nAZkyl1Oi19BChGHaQyCtmS5K3YHDxL0scrMcUyCz8XeUkr/TmSkmhB7qAIsGpMoDobKHlk4k
th552mvz1nFgScSTsWcwVf7t6sYxvxyYxnCWdJPRAE2M4ddVgzr7R8Ys5FQN5fuQRnEq3qqjN/bn
7epSpjelH6HTVhlri6na6NCyqRzScWwt32EUGDZOkpKJHTYbSSqqqrfouzHDDlfT70PJzkhKVY/n
QYAJ0s8+2ay92ppIQIMMNPqeG4jrU3NrfPFzlRnU5TzCEoJleJ/4P9T29Zn9kBZ1EXHloEAas6Rq
dHCGyBiJqTg3Dmec7byEDYL34TfJohPANiBmXc7rAVYyysO4Soj+Bqc1kHhojLQjXUJQsSRvoZEF
H54dNbnyPGqS/t/xihC9g+MlSKxR189svYjH+lZeP6Aayw9e9cppmlWEUAZEzX7tl8pUj7wgx6Jh
MmPWa+o++OSMfH6cyEaIuaE8HMZ4PgLRnsIhsEpYd/KnqM5meKXF0LEhadO4Vuxn7KCRMfJWSkYL
TgHtcU3IU2oOAkErKcc6vkEFm6LZcUgNFRypWeVZN6JjmKMA2q4wlISfciUPgFnSC77nB5QMlNkD
T9j2x1KnJZIzB2nrz+hBCNPjihnZdvbtRtJFaSDXFXf7D4sY4FKxpFxTsls5unkD2MmL/wETHAOb
Nws+AsC185v5aW/QDQ3G556EMr+Iup/sUo2og+EW/AYGHqY5n6MSls9/aNCYllFeMpC5RU86x9z3
YpG/IkIJ1un6ND5mLhpSkP3vMFBqWEWWleeUuc+689qZwFNpWoVCyVTqbi2i5wNySH1DTqcAlQev
MGFFJu/0QKedGLAuQ2Kxae1ebB7gIYrY+u/wJNVWBQQGv4Jd+MT7yuX6ZKfQ07ldp7QOvN76ln3j
dq3asICdTBbMt7+mIDzPI1Oh3kj9huOPnoB+CZfC9zUWSNjB/9qbmk9tF1f6XiSFgpjhaC3NCPN3
3d89uBjGu84mrKud3b6tsQ0Migc3HjJ8C8e8VT+061GtAtELnKfNU5I3/tcp+9gXUKsC9Qm+bdAf
Ks7p+JYIKy+0nbgGr+dkvbCO41EoamIFPM/eKD
Sender: [email protected]
Received: (qmail 17987 invoked by uid 0); 16 Nov 2021 16:23:54 +0900
Received: from unknown (HELO A-PC) ([email protected]@36.226.13.27)
by 0 with SMTP; 16 Nov 2021 16:23:54 +0900
Thread-Index: AdW0gybaYf1ymEjKdow3vtI9hn4aEQ==
Content-Language: zh-cn
From: "MyHotMail" <MyHotMail>
Subject: =?UTF-8?B?6YCA5qy+MzQw?=
To: "1812231608" <MyQQMail>
Content-Type: multipart/alternative; charset=UTF-8; boundary="----=_NextPart_952_36B9_CAF7253F.98879891"
MIME-Version: 1.0
Reply-To: [email protected]
Date: Tue, 16 Nov 2021 15:23:36 +0800
Message-Id: <[email protected]>
X-Mailer: Microsoft Outlook 16.0
This is a multi-part message in MIME format
------=_NextPart_952_36B9_CAF7253F.98879891
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: base64
PHA+DQoJJiN4NTZERSYjeDU5MEQmI3g5MEFFJiN4NEVGNiYjeDY3RTUmI3g3NzBCDQo8L3A+DQo=
------=_NextPart_952_36B9_CAF7253F.98879891
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: base64
PHA+DQoJJiN4NTZERSYjeDU5MEQmI3g5MEFFJiN4NEVGNiYjeDY3RTUmI3g3NzBCDQo8L3A+DQo=
------=_NextPart_952_36B9_CAF7253F.98879891--
这是整个的邮件内容 显然真实地址是 [email protected] 这个 问题是他从哪里能得知我的这俩个邮箱是关联的,而且 qq 邮箱还能显示是 outlook 那个邮箱代发的呢?很困惑
Received: from bta1131.secure.jp (bta1131.secure.jp [27.34.138.240])
by newxmmxszc24.qq.com (NewMX) with SMTP id 5F63587B
for <MyQQMail>; Tue, 16 Nov 2021 15:23:54 +0800
X-QQ-mid: xmmxszc24t1637047434tmpmx1vxc
X-QQ-XMAILINFO: NaX+CegJ7TiCinZ0brxqhIKio92e3yyv1peTrBAJibzS8EaTIoy3N770vpWZih
QR4nAZkyl1Oi19BChGHaQyCtmS5K3YHDxL0scrMcUyCz8XeUkr/TmSkmhB7qAIsGpMoDobKHlk4k
th552mvz1nFgScSTsWcwVf7t6sYxvxyYxnCWdJPRAE2M4ddVgzr7R8Ys5FQN5fuQRnEq3qqjN/bn
7epSpjelH6HTVhlri6na6NCyqRzScWwt32EUGDZOkpKJHTYbSSqqqrfouzHDDlfT70PJzkhKVY/n
QYAJ0s8+2ay92ppIQIMMNPqeG4jrU3NrfPFzlRnU5TzCEoJleJ/4P9T29Zn9kBZ1EXHloEAas6Rq
dHCGyBiJqTg3Dmec7byEDYL34TfJohPANiBmXc7rAVYyysO4Soj+Bqc1kHhojLQjXUJQsSRvoZEF
H54dNbnyPGqS/t/xihC9g+MlSKxR189svYjH+lZeP6Aayw9e9cppmlWEUAZEzX7tl8pUj7wgx6Jh
MmPWa+o++OSMfH6cyEaIuaE8HMZ4PgLRnsIhsEpYd/KnqM5meKXF0LEhadO4Vuxn7KCRMfJWSkYL
TgHtcU3IU2oOAkErKcc6vkEFm6LZcUgNFRypWeVZN6JjmKMA2q4wlISfciUPgFnSC77nB5QMlNkD
T9j2x1KnJZIzB2nrz+hBCNPjihnZdvbtRtJFaSDXFXf7D4sY4FKxpFxTsls5unkD2MmL/wETHAOb
Nws+AsC185v5aW/QDQ3G556EMr+Iup/sUo2og+EW/AYGHqY5n6MSls9/aNCYllFeMpC5RU86x9z3
YpG/IkIJ1un6ND5mLhpSkP3vMFBqWEWWleeUuc+689qZwFNpWoVCyVTqbi2i5wNySH1DTqcAlQev
MGFFJu/0QKedGLAuQ2Kxae1ebB7gIYrY+u/wJNVWBQQGv4Jd+MT7yuX6ZKfQ07ldp7QOvN76ln3j
dq3asICdTBbMt7+mIDzPI1Oh3kj9huOPnoB+CZfC9zUWSNjB/9qbmk9tF1f6XiSFgpjhaC3NCPN3
3d89uBjGu84mrKud3b6tsQ0Migc3HjJ8C8e8VT+061GtAtELnKfNU5I3/tcp+9gXUKsC9Qm+bdAf
Ks7p+JYIKy+0nbgGr+dkvbCO41EoamIFPM/eKD
Sender: [email protected]
Received: (qmail 17987 invoked by uid 0); 16 Nov 2021 16:23:54 +0900
Received: from unknown (HELO A-PC) ([email protected]@36.226.13.27)
by 0 with SMTP; 16 Nov 2021 16:23:54 +0900
Thread-Index: AdW0gybaYf1ymEjKdow3vtI9hn4aEQ==
Content-Language: zh-cn
From: "MyHotMail" <MyHotMail>
Subject: =?UTF-8?B?6YCA5qy+MzQw?=
To: "1812231608" <MyQQMail>
Content-Type: multipart/alternative; charset=UTF-8; boundary="----=_NextPart_952_36B9_CAF7253F.98879891"
MIME-Version: 1.0
Reply-To: [email protected]
Date: Tue, 16 Nov 2021 15:23:36 +0800
Message-Id: <[email protected]>
X-Mailer: Microsoft Outlook 16.0
This is a multi-part message in MIME format
------=_NextPart_952_36B9_CAF7253F.98879891
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: base64
PHA+DQoJJiN4NTZERSYjeDU5MEQmI3g5MEFFJiN4NEVGNiYjeDY3RTUmI3g3NzBCDQo8L3A+DQo=
------=_NextPart_952_36B9_CAF7253F.98879891
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: base64
PHA+DQoJJiN4NTZERSYjeDU5MEQmI3g5MEFFJiN4NEVGNiYjeDY3RTUmI3g3NzBCDQo8L3A+DQo=
------=_NextPart_952_36B9_CAF7253F.98879891--
这是整个的邮件内容 显然真实地址是 [email protected] 这个 问题是他从哪里能得知我的这俩个邮箱是关联的,而且 qq 邮箱还能显示是 outlook 那个邮箱代发的呢?很困惑
 |
1
iloveayu 2021-11-16 16:17:57 +08:00
看邮件头信息,找找源头 IP 从哪出来的,可能是钓鱼邮件。
|
 |
2
iBugOne 2021-11-16 16:23:44 +08:00 via Android
“代发”表示对方根本没登进你的邮箱,而是从他自己的邮箱里发出的,改写了 From 成你的地址。你看原始邮件里的 Sender 就是你这个代发的地址。一般邮箱软件都会把 Sender 和 From 不一致的邮件标出来的
|
 |
3
richarddingcn OP @iloveayu 肯定是钓鱼邮件 回复会回到 [email protected] 这个地址 主要不知道为什么 qq 邮箱提示发件人是我的 outlook 邮箱
|
|
4
richarddingcn OP @iBugOne 了解了 感谢解惑 那只需要拉黑名单就完事了
|
|
5
iloveayu 2021-11-16 16:42:07 +08:00
看这个,From: "MyHotMail" <MyHotMail> 这里是显示在你邮箱里,发件人的字段,所以就这么显示了。
发钓鱼邮件的人,直接自定义了这个字段,然后用 reply-to ,把回复引到他自己的邮箱 [email protected] 。 用了个干净 IP 27.34.138.240 和 邮件地址域名 @jetcoltd.co.jp ,这是为了过 QQ 邮箱的 Anti-spam 过滤。 看了一下这个 mail.zhouxin5460.cn 已经无 MX 记录了,即使你回复了,他也收不到了,应该是有用户投诉已经被万网干掉 DNS 解析了。 |
 |
6
cnZary 2021-11-22 21:33:30 +08:00
我也遇到这个问题了
请问你的域名有托管在 cloudflare 上吗 |
Select Language