Share via

received a strange e-mail with no subject - Please help!

Anonymous
2023-09-01T19:19:04+00:00

Hello,

Received the following e-mail into my Outlook 365 account and did NOT open it but want to know what it is or who it came from. All I see is "Received: from 10.197.36.200":

[![](https://learn-attachment.microsoft.com/api/attachments/9e12bb16-d9bb-4466-9b40-7b8266b4572d?platform=QnA"https://learn-attachment.microsoft.com/api/attachments/322404c2-2d49-4e66-8582-cfc4b76131ad?platform=QnA" rel="ugc nofollow">\ Thanks!](https://learn-attachment.microsoft.com/api/attachments/322404c2-2d49-4e66-8582-cfc4b76131ad?platform=QnA"https://learn-attachment.microsoft.com/api/attachments/9e12bb16-d9bb-4466-9b40-7b8266b4572d?platform=QnA" rel="ugc nofollow">https://learn-attachment.microsoft.com/api/attachments/9e12bb16-d9bb-4466-9b40-7b8266b4572d?platform=QnA

Outlook | Windows | Classic Outlook for Windows | For business

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

Answer accepted by question author

  1. Anonymous
    2023-09-01T20:34:52+00:00

    so still wondering why the Beacon Theater is sending e-mails like this...

    Best guess is that this a new spammer learning the ropes but suspect that this nothing more han spam message but there is no way for anyone to know for sure.

    The following is a standard reply I give to those who ask about a sudden increase in <spam> and <unexpected> log in attempts describing how email addresses are harvested which you may find of interest

    The usual source of a sudden increase in failed login attempts or spam mail received is that the email address was harvested by a hacker who breached a data base on a website where you subscribed to something. That database gets repeatedly sold to other hackers/spammers on the dark web.

    Many people think that hackers penetrate the actual Microsoft servers to gain access to email accounts when that isn't the case. Instead they gain access to an actual account via any number of other ways including phishing emails.

    You can check to see if the email address comes up on a breached database on the following website created/run by Microsoft MVP Troy Hunt.

    https://haveibeenpwned.com/

    Pwned websites https://haveibeenpwned.com/PwnedWebsites#Epik

    Other articles that may be of interest

    The 773 Million Record "Collection #1" Data Breach https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/

    How Do Spammers Get My Email Address? https://www.lifewire.com/how-do-spammers-get-my-email-address-2483607?utm_campaign=computersl&utm_medium=email&utm_source=cn_nl&utm_content=17601438&utm_term=

    *** if you find that the email address was on a breached website where a password was also entered, what you really do want to do is make sure that the same email address/password combination is NOT being used on other sites (i.e. Social Media, Facebook, Paypal, Amazon etc) and if that password is still the one being used on your email account - make sure to change it immediately. Not a question of <IF> a hacker will test those account(s) - just a matter of <WHEN>

    Required Forum Disclaimer: Some of the above links are non-Microsoft websites. The pages appear to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.

    2 people found this answer helpful.
    0 comments

4 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-09-01T20:30:05+00:00

    You're welcome There's no question that this is a strange and unusual "From" address - all depends on how curious you are about what's inside. If you have the preview pane enables, just select the message to see what's inside.

    Hmm...

    Hiding my e-mail address from the text below:

    =====================================================================================

    Received: from 10.197.36.200

    by atlas209.aol.mail.bf1.yahoo.com pod-id NONE with HTTPS; Fri, 1 Sep 2023 19:03:35 +0000

    Return-Path: < bounce-226******@bounce.s4.exacttarget.com >

    X-Originating-Ip: [68.232.206.64]

    Received-SPF: pass (domain of bounce.s4.exacttarget.com designates 68.232.206.64 as permitted sender)

    Authentication-Results: atlas209.aol.mail.bf1.yahoo.com;  dkim=pass header.i=@email1.msg.com header.s=200608;  spf=pass smtp.mailfrom=bounce.s4.exacttarget.com;

    dmarc=pass(p=NONE,sp=NONE) header.from=email1.msg.com;

    X-Apparently-To: ******@xxxxxxx.net ; Fri, 1 Sep 2023 19:03:35 +0000

    X-YMailISG: oCaYRJcWLDujbfLDu45hdnMRkZ17FvDimGKZjlLso.QeeHrd

    l2cP3YoVZRYgwvsqDFKq4gFnqHr33bNKChdAmVvijbaZZCScLGsJagOMJymB

    i.nCcyjYG_84_LTcR5MJvZaegUh4n.dTbeHF31MYML0rwNmVEzgaWo7gkPy3

    QKPftFwX68WLpioJskg7lItTcXiOIY9eMtUfDEaHeaVfp_2ZZvkfbUo3e98N

    wpb6o8MUKVOPVimw9Qc2k_KhSAy9_nKuF3Bc7tNjMsKrX6BXX1bDYvb0ioLT

    7ZQeVZWIjp0CcQaRdU0kCpCiGq81kCExFJdOqvVcqohyxdgyV8jdbkiuA2mS

    xMeQ2z0SCzzyyGQXTvKAsd4Dc46arHroYKSfpQQrwGmVM3fAD5l74MAsY5Py

    5FexXpEvXiwuiSg7A99EFU.6ZHz8JK4ZMkJJVGBZZj1zNyA3HlPEdtzOFSzD

    Y8suEflHBiGOqp.3zjG_e.YdGpoOaVmGu3iescq2s0penPaSiSdRsLPAQ1zX

    cpmxJxHXZANo3W34eL_0XWglwTy1tvGsYWf58GLmSts9djYAJuyLc9AF550.

    I.GRYJSAqYAM0dWWeGTt9Vsme__Pwwxy0gsrzfOEwo3_BdKbmVVcWfhbjLgh

    GwhU3YFmBPIlPYiieSZ2HZZ8XrQsj9JXODC2UE0XK4GDpDMMOrrk0WniSPhl

    iAv.H_d1gED4Na1wkQQ5XY59CAn0y5QSCUYm1h2LvpkrOZo0naNiFShLYXPN

    XyUpxfTBw3n721VDxFbA0kf1kBvTyqnmOROG3Ab76Mu7zZBqkaLDR_GQLTJP

    8HEXefccaHANmNyts4TB7tZ0sxhEQUkAyFruREKPFs59uq0tC41vY1suLUmh

    q.vmgwoy068Iw7mDSbPcK_mBnL0u0fawzGwgsorPEwRYEHs82n.pMKqGabpK

    fWJ0emFJLvo4C3kL_9.0abJggYrP57A9s_cvCEEOIvDTFu_K2ZSYBXp98xTM

    yS4qrUWEVHx6WK7o_OhwFM5lHIDc4CuNZnOYYxnLEjHs2gsXWwU.XTef1VMh

    HYbLLE2tiFObbHSEz3Drtm9DlW6sXloS9JZjKvuzuK6nWC4JbVED02BpttT_

    z6bHyJsnlGSvZ_m98o608ZRGZWL0dHcalp6q5JIr6_SPYG_ISzaEO9F8sHFe

    SBft9pPR4vY.H8OUIbrOmdwBtTnl03pDfqpwPzTHS7FkhjrWwcjrT3HG6kJY

    nHAjGJSSUFa3A1OwoOuuKI7Eu2FOCul1.imtBCZMOs7P_XwiVwddliBTl.hm

    BlWV7yj15w--

    Received: from 68.232.206.64 (EHLO mta.email1.msg.com)  by 10.197.36.200 with SMTPs

    (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);

    Fri, 01 Sep 2023 19:03:35 +0000

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=200608; d=email1.msg.com;

    h=From:To:Subject:Date:List-Unsubscribe:List-Unsubscribe-Post:MIME-Version:

    Reply-To:List-ID:X-CSA-Complaints:Message-ID:Content-Type;

     i=*****@email1.msg.com* ;

    bh=fCvojS9+82dcCxdb7Yds7DOxhnvYDEzHP5fgsMgkEAg=;

    b=LUV3rccsZ/9XQQHgNvGJnUoQPW7LsXxF9zTJCD1YgdbQgrFLfkxvcLKCo1iGRUGyXXH0/ehQaftV

    YaGisI5eMQrP28StyHP+m76VFnr1V5EJ9mRvQP29JZ4er5RlG91FSG43+EmSmRl1FSMyavUoKnvC

    5UYOYld6Ei/kaFj2KKM=

    @xxxxx.net *bounce-226*@bounce.s4.exacttarget.com

    From: "The Beacon Theatre" < ******@email1.msg.com >

    To: < xxxxxxxxx@xxxxx .net>

    Subject: Your September Event Guide: Michael McIntyre, Kenny Loggins, Remade Men: Mike Tyson & Michael Franzese, and more!

    Date: Fri, 01 Sep 2023 13:02:57 -0600

    List-Unsubscribe: <https://click.email1.msg.com/subscription_center.aspx?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtaWQiOiIxMDc1MDM5IiwicyI6IjEyMTM2NTc1NjYiLCJsaWQiOiIyMjYiLCJqIjoiMzUwMjM5NiIsImpiIjoiMjM5IiwiZCI6IjQwMTI3In0.QgwNyNqEwPOU9I0wgnT_YC2ixteh4FDDuOPV_0kt-5A>, < ******@leave.email1.msg.com >

    List-Unsubscribe-Post: List-Unsubscribe=One-Click

    x-CSA-Compliance-Source: SFMC

    MIME-Version: 1.0

    Reply-To: "Beacon Theatre" < reply-fe9317757566077473-226******@email1.msg.com >

    List-ID: <1070317.xt.local>

    X-CSA-Complaints: ******@eco.de

    X-SFMC-Stack: 4

    x-job: 1075039_3502396

    Message-ID: < ******@las1s04mta818.xt.local >

    Content-Type: multipart/alternative;

    boundary="yGZogKyXztS6=_?:"

    Content-Length: 43048

    X-Antivirus: Avast (VPS 230901-4, 9/1/2023), Inbound message

    X-Antivirus-Status: Clean

    This is a multi-part message in MIME format.

     =====================================================================================

    so still wondering why the Beacon Theater is sending e-mails like this...

    Thanks

    0 comments
  2. Anonymous
    2023-09-01T20:13:48+00:00

    You're welcome

    There's no question that this is a strange and unusual "From" address - all depends on how curious you are about what's inside. If you have the preview pane enables, just select the message to see what's inside.

    0 comments
  3. Anonymous
    2023-09-01T20:07:57+00:00

    Hello Skeefiez11 Hi, I'm Karl and will be happy to help you today. The "received from" is an IP address. There is no way for anyone to know anything about the message without pointing it. Just as a FYI, the sheer fact of opening a message cannot cause a problem. Clicking a link inside the message or opening an attachment can. That said, if this were me, I would just summarily delete it. If you have any questions, don't hesitate to ask.

    I see, okay thank you. I just don't know why I received it in the 1st place since I am very careful when it comes to my e-mail address and work in the tech field so I am very leery when it comes to e-mails like this from unknown sources

    Thanks

    0 comments
  4. Anonymous
    2023-09-01T19:59:10+00:00

    Hello Skeefiez11

    Hi, I'm Karl and will be happy to help you today.

    The "received from" is an IP address. There is no way for anyone to know anything about the message without pointing it. Just as a FYI, the sheer fact of opening a message cannot cause a problem. Clicking a link inside the message or opening an attachment can.

    That said, if this were me, I would just summarily delete it.

    If you have any questions, don't hesitate to ask.

    0 comments