email headers

[fivealive]

So in short i was checking my email and one of them was from facebook claiming someone updated their facebook status. The odd thing is its one of my accounts and i dont use it so confused i go directly to facebook and look at the account it doesnt appear to have been touched ( at least according to the account im signed into it hasnt been).

so here is the headers does anyone know if this is actually from facebook or not.

x-store-info:eER+dkW9LbRZeSaTfrbsKbNwYWGSG1yyTlMwG2OmNw4JVh79ttTxw0pJUoTXOqWbmQyemAR3VE9+hvI9q3/x92MctN0n0c6e4b1C7ifgS2KI1PaZkRKRsTiYVT3mbl2h

Authentication-Results: hotmail.com; sender-id=pass (sender IP is 69.171.232.156) header.from=notification+m-kwu1pd@facebookmail.com; dkim=pass header.d=facebookmail.com; x-hmca=pass

X-Message-Status: n:0:n

X-SID-PRA: Facebook <notification+m-kwu1pd@facebookmail.com>

X-SID-Result: Pass

X-DKIM-Result: Pass

X-AUTH-Result: PASS

X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0w

X-Message-Info: /Afko6AgMSyKLEG+VlL4UxHENNOkj7SDamZlD6KPkxQWqVUfta1EQS0RFAidW1DCnaI2yS8KKZmG1U3V9j3b+U3rU2IVaXuywdSQkV0bHb15TpJg4BcabX6GZaKIg3BcjOdU7QyeW3s=

Received: from mx-out.facebook.com ([69.171.232.156]) by SNT0-MC2-F1.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);

Tue, 20 Mar 2012 05:57:51 -0700

Return-Path: <notification+m-kwu1pd@facebookmail.com>

DKIM-Signature: v=1; a=rsa-sha256; d=facebookmail.com; s=s1024-2011-q2; c=relaxed/simple;

q=dns/txt; i=@facebookmail.com; t=1332248271;

h=From:Subject:Date:To:MIME-Version:Content-Type;

bh=TVUjDd9LZXneRmjljDtPsHmDdxwr0EsYeMd8M2S8ELM=;

b=KJfB2NRAMyu3ojmgcPXFwIDzzCWSsTrIEGDLo/pqWJPEwE5dKssLmP95gVFj/u2c

R1Xj/0FiDOBvsqULgtWcDmOKFKEZblXtrCxkU3QwWG17qm+ERCQqSEIiEcD6XRSF

8EcydsJvmRB9TSpR6w2f5lLbpIf+e2BolKgNV7yLez4=;

Received: from [10.60.117.67] ([10.60.117.67:48488])

by smout046.snc7.facebook.com (envelope-from <notification+m-kwu1pd@facebookmail.com>)

(ecelerity 2.2.2.45 r(34222M)) with ECSTREAM

id 0D/9A-04003-FCE786F4; Tue, 20 Mar 2012 05:57:51 -0700

X-Facebook: from zuckmail ([MTI3LjAuMC4x])

by async.facebook.com with HTTP (ZuckMail);

Date: Tue, 20 Mar 2012 05:57:51 -0700

To: my email was here

From: "Facebook" <notification+m-kwu1pd@facebookmail.com>

Reply-to: noreply <noreply@facebookmail.com>

Subject: Roger Rogers updated his status: "grocery store closing near my place 30%off on alot"

Message-ID: <0e576b76560dc503c543f9fd6a2efa45@async.facebook.com>

X-Priority: 3

X-Mailer: ZuckMail [version 1.00]

Errors-To: notification+m-kwu1pd@facebookmail.com

X-Facebook-Notify: friend_activity; mailid=5d27bfdG228311e7G11e6a616G109

X-FACEBOOK-PRIORITY: 0

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="b1_0e576b76560dc503c543f9fd6a2efa45"

X-OriginalArrivalTime: 20 Mar 2012 12:57:51.0597 (UTC) FILETIME=[0F0E49D0:01CD0699]

--b1_0e576b76560dc503c543f9fd6a2efa45

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

http://www.facebook.com/n/?permalink.php&story_fbid=3D10151377334200144&id=

=3D579015143&mid=3D5d27bfdG228311e7G11e6a616G109&bcode=3DbzFhCnp1&n_m=3Dja=

y21317%40hotmail.com

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Roger Rogers updated his status: "grocery store closing near my place =

30%off on alot."

You are receiving this email because you've listed Roger Rogers as a close =

friend.

http://www.facebook.com/n/?permalink.php&story_fbid=3D10151377334200144&id=

=3D579015143&mid=3D5d27bfdG228311e7G11e6a616G109&bcode=3DbzFhCnp1&n_m=3Dja=

y21317%40hotmail.com

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

This message was sent to jay21317@hotmail.com. If you don't want to =

receive these emails from Facebook in the future, please follow the link =

below to unsubscribe.

https://www.facebook.com/o.php?k=3Dea0872&u=3D579015143&mid=3D5d27bfdG2283=

11e7G11e6a616G109

Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA =

94303=20

--b1_0e576b76560dc503c543f9fd6a2efa45

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional =

//EN"><html><head><title>Facebook</title><meta http-equiv=3D"Content-Type" =

content=3D"text/html; charset=3Dutf-8" /></head><body style=3D"margin: 0; =

padding: 0;" dir=3D"ltr"><table cellspacing=3D"0" cellpadding=3D"0" =

style=3D"border-collapse:collapse;width:98%;" border=3D"0"><tr><td =

style=3D"font-size:12px;font-family:'lucida =

grande',tahoma,verdana,arial,sans-serif;"><table cellspacing=3D"0" =

cellpadding=3D"0" style=3D"border-collapse:collapse;width:620px;"><tr><td =

style=3D"font-size:16px;font-family:'lucida grande',tahoma,verda=

na,arial,sans-serif;background:#3b5998;color:#FFFFFF;font-weight:bold;vert=

ical-align:baseline;letter-spacing:-0.03em;text-align:left;padding:5px =

20px;"><a style=3D"text-decoration: none;" href=3D"http://www.facebook.com=

/n/?permalink.php&story_fbid=3D10151377334200144&id=3D579015143&am=

p;mid=3D5d27bfdG228311e7G11e6a616G109&bcode=3DbzFhCnp1&n_m=3Djay21=

317%40hotmail.com"><span style=3D"background:#3b5998;color:#FFFFFF;font-we=

ight:bold;font-family:'lucida =

grande',tahoma,verdana,arial,sans-serif;vertical-align:middle; =

font-size:16px;letter-spacing:-0.03em;text-align:left;vertical-align:basel=

ine;">facebook</span></a></td></tr></table><table cellspacing=3D"0" =

cellpadding=3D"0" style=3D"border-collapse:collapse;width:620px;" =

border=3D"0"><tr><td style=3D"padding:0px;background-color:#f2f2f2;border-=

left:none;border-right:none;border-top:none;border-bottom:none;"><table =

cellspacing=3D"0" cellpadding=3D"0" width=3D"100%" =

style=3D"border-collapse:collapse;"><tr><td =

style=3D"font-size:11px;font-family:'lucida grande', tahoma, =

verdana, arial, sans-serif;padding:0px;width:620px;"><table =

cellspacing=3D"0" cellpadding=3D"0" border=3D"0" width=3D"100%" =

style=3D"border-collapse:collapse;"><tr><td style=3D"padding:20px;backgrou=

nd-color:#fff;border-left:none;border-right:none;border-top:none;border-bo=

ttom:none;"><table cellspacing=3D"0" cellpadding=3D"0" =

style=3D"border-collapse:collapse;"><tr valign=3D"top"><td =

style=3D"font-size:11px;font-family:'lucida grande', tahoma, =

verdana, arial, sans-serif;padding-right:10px;"><a href=3D"http://www.face=

book.com/n/?permalink.php&story_fbid=3D10151377334200144&id=3D5790=

15143&mid=3D5d27bfdG228311e7G11e6a616G109&bcode=3DbzFhCnp1&n_m=

=3Djay21317%40hotmail.com" =

style=3D"color:#3b5998;text-decoration:none;"><img src=3D"https://fbcdn-pr=

ofile-a.akamaihd.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" =

style=3D"border:0;" /></a></td><td width=3D"100%" =

style=3D"font-size:11px;font-family:'lucida grande', tahoma, =

verdana, arial, sans-serif;"><table cellspacing=3D"0" cellpadding=3D"0" =

border=3D"0" width=3D"100%" style=3D"border-collapse:collapse;"><tr><td =

style=3D"padding:0px;background-color:#fff;border-left:none;border-right:n=

one;border-top:none;border-bottom:none;color:#333333;"><table =

cellspacing=3D"0" cellpadding=3D"0" width=3D"100%" =

style=3D"border-collapse:collapse;"><tr><td =

style=3D"font-size:11px;font-family:'lucida grande', tahoma, =

verdana, arial, sans-serif;padding:0px;color:#333333;"><table =

cellspacing=3D"0" cellpadding=3D"0" =

style=3D"border-collapse:collapse;"><tr><td =

style=3D"font-size:14px;font-family:'lucida grande', tahoma, =

verdana, arial, sans-serif;font-weight:bold;"><a =

href=3D"https://www.facebook.com/profile.php?id=3D100001638962052" =

style=3D"color:#3b5998;text-decoration:none;">Roger =

Rogers</a></td></tr><tr><td =

style=3D"font-size:11px;font-family:'lucida grande', tahoma, =

verdana, arial, sans-serif;padding:5px 0px 10px;"><a href=3D"http://www.fa=

cebook.com/n/?profile.php&id=3D100001638962052&mid=3D5d27bfdG22831=

1e7G11e6a616G109&bcode=3DbzFhCnp1&n_m=3D(my email was here)">Ro=

ger Rogers</a> updated his status: "grocery store closing near my place =

30%off on alot."</td></tr></table></td></tr></table></td></tr></table></td=

></tr></table></td></tr></table></td></tr><tr><td =

style=3D"font-size:11px;font-family:'lucida grande', tahoma, =

verdana, arial, sans-serif;padding:0px;width:620px;"><table =

cellspacing=3D"0" cellpadding=3D"0" border=3D"0" =

style=3D"border-collapse:collapse;width:100%;"><tr><td =

style=3D"padding:10px 10px 10px 80px;background-color:#f2f2f2;border-left:=

none;border-right:none;border-top:1px solid #ccc;border-bottom:1px solid =

#ccc;"><table cellspacing=3D"0" cellpadding=3D"0" =

style=3D"border-collapse:collapse;"><tr><td =

style=3D"font-size:11px;font-family:'lucida grande', tahoma, =

verdana, arial, sans-serif;padding-right:10px;"><table cellspacing=3D"0" =

cellpadding=3D"0" style=3D"border-collapse:collapse;"><tr><td =

style=3D"border-width: 1px; border-style: solid; border-color: #29447E =

#29447E #1a356e; background-color: #5b74a8;"><table cellspacing=3D"0" =

cellpadding=3D"0" style=3D"border-collapse:collapse;"><tr><td =

style=3D"font-size:11px;font-family:'lucida grande', tahoma, =

verdana, arial, sans-serif;padding:2px 6px 4px;border-top:1px solid =

#8a9cc2;"><a href=3D"http://www.facebook.com/n/?permalink.php&story_fb=

id=3D10151377334200144&id=3D579015143&mid=3D5d27bfdG228311e7G11e6a=

616G109&bcode=3DbzFhCnp1&n_m=3D(my email was here)" =

style=3D"color:#3b5998;text-decoration:none;"><span style=3D"font-weight: =

bold; color: #fff; font-size: 11px;">View Post</span></a></td></tr></table=

></td></tr></table></td></tr></table></td></tr></table></td></tr></table><=

/td></tr></table><table cellspacing=3D"0" cellpadding=3D"0" border=3D"0" =

style=3D"border-collapse:collapse;width:620px;"><tr><td =

style=3D"padding:30px 20px;background-color:#fff;border-left:none;border-r=

ight:none;border-top:none;border-bottom:none;font-size:11px;font-family:=

039;lucida grande', tahoma, verdana, arial, =

sans-serif;color:#999999;border:none;">This message was sent to =

(my email was here). If you don't want to receive these emails from =

Facebook in the future, please click: <a href=3D"https://www.facebook.com/=

o.php?k=3Dea0872&u=3D579015143&mid=3D5d27bfdG228311e7G11e6a616G109=

" style=3D"color:#3b5998;text-decoration:none;">unsubscribe</a>.<br /> =

Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303 =

</td></tr></table><span style=3D"width:620px;"><img src=3D"https://www.fac=

ebook.com/email_open_log_pic.php?mid=3D5d27bfdG228311e7G11e6a616G109" =

style=3D"border:0;width:1px;height:1px;" /><bgsound src=3D"https://www.fac=

ebook.com/email_open_log_pic.php?mid=3D5d27bfdG228311e7G11e6a616G109&s=3Da=

" volume=3D"-10000"/></span></td></tr></table></body></html>

--b1_0e576b76560dc503c543f9fd6a2efa45--

[fivealive]

oddly enough on checking facebook settings i shouldnt be getting emails about status updates how odd

[David H. Lipman]

69.171.232.156 --

NetRange: 69.171.224.0 - 69.171.255.255

CIDR: 69.171.224.0/19

OriginAS: AS32934

NetName: TFBNET3

NetHandle: NET-69-171-224-0-1

Parent: NET-69-0-0-0-0

NetType: Direct Assignment

RegDate: 2010-08-05

Updated: 2012-02-24

Ref: http://whois.arin.net/rest/net/NET-69-171-224-0-1

OrgName: Facebook, Inc.

OrgId: THEFA-3

Address: 1601 S. California Ave

City: Palo Alto

StateProv: CA

PostalCode: 94304

Country: US

But it originated from; SNT0-MC2-F1.Snt0.hotmail.com

[fivealive]

Thank you, its good to know that the email is fake. Still confused on how they knew one of my friends names anyway i have all that stuff listed as private so unless one of my friends has been compromised they shouldn't have been able to get a hold of my friends names. Actually come to think of it even if they got a hold of my friends names and picked one that belonged to me they have no way to email me since my email doesnt even show up to friends.

[fivealive]

So i sent them a message about this before you answered me. Got an automated email back basically thanking me for the feedback here is the headers for that. Seems if im reading it right it says its also originating from hotmail. I will point out my email is a hotmail email.

x-store-info:i1mvqhPkdZwu3DNZ/OabHTcl0lVw0VvW+zguY3J5FAY=

Authentication-Results: hotmail.com; sender-id=pass (sender IP is 69.171.232.137) header.sender=info+mj3snre.aeaqvnqgga@support.facebook.com; dkim=pass header.d=support.facebook.com; x-hmca=pass

X-Message-Status: n:0:n

X-SID-PRA: info+mj3snre.aeaqvnqgga@support.facebook.com

X-SID-Result: Pass

X-DKIM-Result: Pass

X-AUTH-Result: PASS

X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0w

X-Message-Info: /Afko6AgMSwAiQ52xyLpA1NyDTYG34VcY/YkGM+YEkSGEiUOsvH6Xv4xoxMat1kG04P7PbacSXc3SjEsYDCcaz55FVCe8S/VhCVTjRon0c9IDtuO9ValO7wdMC5RBH+OuNfYBPHcaOA=

Received: from mx-out.facebook.com ([69.171.232.137]) by BAY0-MC4-F41.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);

Tue, 20 Mar 2012 07:10:53 -0700

Return-Path: <info-bounce+mj3snre.aeaqvnqgga@support.facebook.com>

DKIM-Signature: v=1; a=rsa-sha256; d=support.facebook.com; s=s1024-2011-q2; c=relaxed/simple;

q=dns/txt; i=@support.facebook.com; t=1332252652;

h=From:Subject:Date:To:MIME-Version:Content-Type;

bh=iX3CVCcr+RxAOS+yhV0gGudz7LWXEZOumDVRIpr5YzA=;

b=IqcWsC611mRxQ5vivIOJiRxyuQhLh3SSNa18BoeXQySpLaDQTEvpK1mY1PcgUyJD

oGjoznHd0Lml8VX82SgDLOhALW5U4rF31ZP8INoSJsq+WXBfrt+bH1TNh/Meauv7

o4SpNX7PtYhu5BDBMNSzc8Aro3AYZxBKI4PvOzOKOIQ=;

Received: from [10.62.166.40] ([10.62.166.40:41626])

by smout048.snc7.facebook.com (envelope-from <info-bounce+mj3snre.aeaqvnqgga@support.facebook.com>)

(ecelerity 2.2.2.45 r(34222M)) with ECSTREAM

id 09/78-04003-CEF886F4; Tue, 20 Mar 2012 07:10:52 -0700

X-Facebook: from zuckmail ([MTI3LjAuMC4x])

by www.facebook.com with HTTP (ZuckMail);

Date: Tue, 20 Mar 2012 07:10:52 -0700

To: my email

From: The Facebook Team <info+mj3snre.aeaqvnqgga@support.facebook.com>

Reply-to: The Facebook Team <info+mj3snre.aeaqvnqgga@support.facebook.com>

Subject: Re: Your Feedback about Facebook - facebook emails

Message-ID: <36f004320dfc84b3a3721191a273855d@www.facebook.com>

X-Priority: 3

X-Mailer: ZuckMail [version 1.00]

Errors-To: info-bounce+mj3snre.aeaqvnqgga@support.facebook.com

Sender: <info+mj3snre.aeaqvnqgga@support.facebook.com>

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Type: text/plain; charset="UTF-8"

X-OriginalArrivalTime: 20 Mar 2012 14:10:53.0021 (UTC) FILETIME=[429688D0:01CD06A3]

Hi,

Thanks for your feedback. We're constantly trying to improve Facebook, and =

your input is important to us. Unfortunately, we can't respond to =

individual feedback emails, but we are reading them.

If you are having any problems with your account, please find information =

about Facebook as well as the answers to many of your questions in our =

Help Center: https://www.facebook.com/help/

Thanks,

The Facebook Team

[David H. Lipman]

I didn't say it is fake. There is nothing to conclude that. The headers do show it came from FaceBook but originated from HotMail.

How, I do not know.

In fact, your FaceBook reply shows...

Received: from mx-out.facebook.com ([69.171.232.137]) by BAY0-MC4-F41.Bay0.hotmail.com

Which is consistent with the first email. It is possible there is a cooperative service agreement between HotMail and FaceBook.

[fivealive]

oh ok. i do know you can add your friends from you hotmail contact list.

Either way i did log into the account that this message came from that said it had a status update and their wasnt any activity at all going on which i found odd. so who knows what is going on either way thank you for the help

[fivealive]

i just got another email claiming the exact same message but this time its claiming to be from a different friend like what the hell.

[David H. Lipman]

Create email rules deleting email containing "facebook.com" and "facebookmail.com" if found in the headers.

[fivealive]

So odd thing i just noticed the email is saying these people updated their status about groceries being 30% off. now the odd thing i noticed is that the email message is word for word what i posted from my phone as a status update the other day.

now even though thats the case still dont see why its saying these people are updating their status to that when they obviously arnt.

Also idont know how to make blocking rules in hotmail

[David H. Lipman]

I don't know how either.

Webmail (email through a HTTP web page) is notoriously simplistic leaving the email user with little capabilities. The objective is to use an email client which downloads email from the server and brings it to the email client. Email clients have more capabilities and better filtering and rules based criteria capabilities.

I use Pegasus Mail (freeware for the past 21 years). With it I can create a POP3 rule where it examines the headers and can use regular expressions (in this case simply; *facebook.com*) and if found in the headers then the email is summarily deleted from the server and never even downloaded.

[fivealive]

oh interesting ill have to look into that.

[daledoc1]

Hi, fivealive:

In addition to David's excellent (and far more expert ) suggestions...

Caveat: I don't have a clue about FB and I use a different webmail app (gmail).

Having said that:

I've used Thunderbird email client for years (from the days of Netscape Mail).

It is also free and, because it is open-source, highly-customizable.

You can use it for your ISP or employer mail accounts, and for your webmail accounts (I use it for all 3 types).

For example, on my laptop, I have all 3 of my ISP accounts, my gmail and my work email all set up in TB.

You can easily design filters to automatically exclude/send to junk messages based on any criteria you choose.

I also use a highly powerful anti-spam program called MailWasher Pro 2012. Although the current, robust versions are not free, and although I get hardly any spam, it is extremely helpful for reviewing, scanning and sorting incoming messages while they are still out on the servers, before they are even downloaded to my system. With it, I can efficiently preview and process 100s of daily messages I receive from legit senders (and I can trash the occasional spam safely, before it gets to my computer). It's probably the single most useful productivity app I use and I hold 2 lifetime licenses. B/C there is no Mac version, it is a major reason why I've stuck with PC platform all these years. Anyway, if I sound like a fan girl, I expect I probably am.

TB + MWP (+ a healthy dose of suspicion) is a VERY powerful combo for safe and efficient emailing.

JMHO, of course.