How does paypal.com send spam?

S

Sergey Z2017-08-13 13:26:01

PayPal

Sergey Z, 2017-08-13 13:26:01

A friend of mine received this email from [email protected] ( Letter and headers below )
How is this possible? Paypal doesn't track mail sent from their email addresses? Someone left learned the passwords from the mail service / mail? Is spoofing the sender possible? Brute force account? Another hack?
By the way, she doesn't have a paypal account.

-------------------------------------------------- --------------------
There is a problem with your account
------------------------- ----------------------------------------------------
Hello, EARN ON E -MAIL NEWSLETTER DETAILS HERE
www.tutmani.ga !
We have discovered a problem with your account.
Description of the problem
Since this is a new account, we
need more information to verify your identity.
Case Code: PP-006-065-961-842
Your account has been restricted due to this issue. We understand your
likely frustration with the inconvenience, however,
your transaction history will still be available for a while.
For more information about restrictions placed on your account, please visit
the Resolution Center. For more information
please contact us, we will try our best to assist
.
It will be possible to withdraw your money from the account within 180 days. We will notify
you of the availability of funds by email. This is required to
confirm that there are sufficient funds in your account to cover
chargebacks.
Best Regards,
PayPal Team
--------------------------------------- ------------------------
Help
https://www.paypal.com/en/cgi-bin/helpweb?cmd=_help
Security Center :
https://www.paypal.com/en/security
Do not reply to this message. Replies to this address are not
checked. To contact us, log into your account and
click on the Contact Us link at the bottom of any page.
Copyright © PayPal. 19992017 All rights reserved.Limited
Liability Company Non-bank credit organization PayPal
RU. Legal address: Russian Federation, 125047, Moscow, st. Butyrsky
Val, 10. Carries out its activities on the basis of the license of the
Central Bank of Russia 3517-K.
PayPal email message code PP1589 - bfdf332390b24

Titles:

Delivered-To: //*********@mail.ru
Return-path:
Authentication-Results: mxs.mail.ru; spf=pass (mx219.i.mail.ru: domain of paypal.com designates 173.0.84.227 as permitted sender) [email protected] smtp.helo=mx2.slc.paypal.com;
dkim=pass header.d=paypal.com
Received-SPF: pass (mx219.i.mail.ru: domain of paypal.com designates 173.0.84.227 as permitted sender) client-ip=173.0.84.227; [email protected]; helo=mx2.slc.paypal.com;
Received: from mx2.slc.paypal.com ([173.0.84.227]:17948)
by mx219.i.mail.ru with esmtp (envelope-from )
id 1dgT36-0003Dn-A1
for //******* **@mail.ru; Sat, 12 Aug 2017 12:49:40 +0300
DKIM-Signature: v=1; a=rsa-sha256; d=paypal.com; s=pp-dkim1; c=relaxed/relaxed;
q=dns/txt; [email protected]; t=1502531378;
h=From:From:Subject:Date:To:content-type;
bh=di+U6bcuohWnD4kq+s1/OS0TRzZJ98aWSwfz2WLq76w=;
= nQH5ktMyO5cAvWVPLc1Ka5YIsJUynXIq0IYgb7ZB9VfimfoJyvKAljE2YA8qjM4V b
DRpD2xB / AczAV7G8Gw8Qt9s4LSJP1 + dNPerXHxTguhWgDcwsmq3Ygajci4Klpkdp
T8BIRUseyx3glb37LeFI5vtdZNPvvSZvKL + LoDcs6nefU4EywSH8htviwWJzhWt1
f0RTBALMBEzaANTrmn645XwNp2LKRwmLrK nvNJpi6ES7HLo8HWjXGWPszCw + + F / p
nNm9aHuURZVaXnPuqtFZ0eiLdfbodx0AS215tSTFL8HwFUcaE0IV7eaOqDH + r4hU
p2GnJdxyBOldNGbyO9FakA ==;
Received: (qmail 8534 invoked by uid 993); Aug 12 2017 09:49:38 -0000
Date: Sat, Aug 12 2017 02:49:38 -0700
Message-Id: <[email protected]>
X-text-template: email_user_restricted_issue_notification
X-country: RU
X-language: ru_RU
content-type: text/plain; charset=KOI8-R
From: [email protected]
To: //***********@mail.ru
Subject:
X-79A438C5: _015_015_15_15_110_110_118_118
X-7FA49CB5:A9FCD207E66530D8A18204E546F3947C7BD21ED50D08CA4DD7494F64F9BEE8B42EF20D2F80756B5FBBC930A3941E20C65136D004FC00FE2978DA827A17800CE759D86C965960FB1DEB66585E62EAC104BCA8734010DFDAB0A51C845E649FC56555A5D85D1A595FC650BBB928A5150B83E5BFE6E7EFDEDCD7BF92E71EC64C9740CB18DEA22E7FB40A9B05791386ECE5C8DC6DB0B82859FA8140A5AABA2AD371193195499CA005F545C09775C1D3CA48CF89A7B4D5378FA36D93EC92FD9297F6715571747095F342E8CE87A27468E33529725E5C173C3A84C389A7B4D5378FA36D43847C11F186F3C5707D568A279F2C586CCF125D649525965A22DBE7D55830C72B4EC1D874D2F03AE5BFE6E7EFDEDCD73C2226A172C13FDBD8FC6C240DEA76428AA50765F7900637F88016AB90466342D8FC6C240DEA76425571747095F342E82052FB690A6E847927C277FBC8AE2E8B2EE5AD8F952D28FBD8AC5874FC5B34B36355398AEDF52F16005ACA2DDC66FB99D7C9EC6949E4EBB97AEE025565CF999140A5AABA2AD371197C6FB206A91F05B210E4E595B9B80EA0A7DC6F889CA88EA38FB05168BE4CE3AF
X-DMARC-Policy: reject
X-DMARC-Result: pass
X-Mras: OK
X-Spam: undefined

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

akelsey, 2017-08-13
@Serged

This is a real email from Paypal asking you to verify your account. IP address of the sender's server 173.0.84.227 - all SPF/DKIM checks pass. I couldn't buy anything on ebay for a long time because of their policy, even though I've been a customer since 2007. Then it took just as long to verify (more than a week). Only a call to the office sped up the process (although all scans of the requested passport pages were provided).
At the same time, when you try to buy something on eBay, they will not write to you in the resolution that your account has not been verified - they will simply reject your transactions.
PS
Regarding the lack of an account at her postal address, it means that someone made a mistake with a number, a letter, instead of mail.com wrote mail.ru - that's why your friend received the letter. No mysticism. Just a human error on registration.

D

Dmitry Shitskov, 2017-08-13
@Zarom

It looks like your friend's account has been hacked and a spam message has been given instead of her name. PayPal has nothing to do with it.