Looking into my gmail spam folder, I see many messages coming from an old domain.
How does it work, that I receive spam from an old account? And, how can I stop these spammers of using the old email address?
The original message looks like:
Delivered-To: john.doe@gmail.com Received: by 10.112.2.99 with SMTP id 3csp17644lbt; Sat, 25 Oct 2014 03:21:10 -0700 (PDT) X-Received: by 10.50.20.130 with SMTP id n2mr9275776ige.44.1414232469601; Sat, 25 Oct 2014 03:21:09 -0700 (PDT) Return-Path: Received: from m68-68.mailgun.net (m68-68.mailgun.net. [166.78.68.68]) by mx.google.com with ESMTPS id r14si9570045ici.56.2014.10.25.03.21.08 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 25 Oct 2014 03:21:09 -0700 (PDT) Received-SPF: pass (google.com: domain of bounce+c0eb6e.13226-john.doe=gmail.com@olddomain.de designates 166.78.68.68 as permitted sender) client-ip=166.78.68.68; Authentication-Results: mx.google.com; spf=pass (google.com: domain of bounce+c0eb6e.13226-john.doe=gmail.com@olddomain.de designates 166.78.68.68 as permitted sender) smtp.mail=bounce+c0eb6e.13226-john.doe=gmail.com@olddomain.de; dkim=pass header.i=@mailgun.org DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=olddomain.de; q=dns/txt; s=smtp; t=1414232468; h=Sender: Content-Transfer-Encoding: Content-Type: Mime-Version: Date: Subject: To: From: Message-Id: X-Feedback-Id; bh=9g2dkbMafTPPEBO0f5+XleX+GeXgX2IeYFkI8dNbUOw=; b=CYkMNNIx52f2mBhnhMmGabiRZc9WoQarUUpStb/oX1O9CkasFaOjATliSHiinnym7jeSE0R7 PpzI2lWjpN0tsqPAkfD4O8mUSajXeDkBX3wirDN+XD1IB7da/f+7kIu5NWs1yA4/roY0Vp1c Oqi1gbRUDjWZ6BiViwo8TmoN6+Y= DomainKey-Signature: a=rsa-sha1; c=nofws; d=olddomain.de; s=smtp; q=dns; h=X-Feedback-Id: Message-Id: From: To: Subject: Date: Mime-Version: Content-Type: Content-Transfer-Encoding: Sender; b=dDCbln699Wbl/WmYC+547/stjF/nMbgzZ6nJq8y4EwF/HemVY+pERNWowb+jONIASno9HV hycDs0SFxz2mbJVYBb2vSqWQOVUSsItgJy1shFApLKiDQI1sU5kh4tf0DjEQO8fpYJbtk2VI PMKx/VEJ9XDDcJJqLpXB026th5FJA= DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mailgun.org; q=dns/txt; s=mg; t=1414232468; h=Sender: Content-Transfer-Encoding: Content-Type: Mime-Version: Date: Subject: To: From: Message-Id: X-Feedback-Id; bh=9g2dkbMafTPPEBO0f5+XleX+GeXgX2IeYFkI8dNbUOw=; b=J2HHyT6pnuo9kdTCqyryLqPKzeLIs3OGk72lh1qwLmOUUAUE5HlG//pFdxKQImerS8A1z3bk BCdf6fq15n61ptsAsKR3FOPI7CaCHzzMXhJnMqDs93VApjv7DyvZCGF9H/qyyRQ06LXXIDi2 l6B6JgHSOnkIe6z9abIe4UtLrtg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=mailgun.org; s=mg; q=dns; h=X-Feedback-Id: Message-Id: From: To: Subject: Date: Mime-Version: Content-Type: Content-Transfer-Encoding: Sender; b=e2n7aAAJVPM5GC1Blz5qT+qccePpRsYqM1Ed3Gt5Dm/UuWmC6bediTSrBcpRiujP0BUbt3 H/9NCZw5HTK/j8b3xYlnQqsDvBgjoC29iDFGe93hD2Td7AmUJcbRbGy3U9zXqG+aCqJBq8fm t5bF/+2yoY676KM1nQAnYMcL+gTD0= X-Feedback-Id: 52039716dcf54642f13fdbad:mailgun X-Envelope-From: Received: from [77.30.245.180] (Unknown [77.30.245.180]) by mxa.mailgun.org with ESMTP id 544b798d.7fde005e64c8-in2; Sat, 25 Oct 2014 10:21:01 -0000 (UTC) Message-Id: From: "john@olddomain.de" To: Subject: Chheap Pharmaacy Date: 25 Oct 2014 14:43:46 +0200 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Mailer: Byluam apckfs 9.0 X-Mailgun-Incoming: Yes X-Mailgun-Sid: WyI5YWVmNiIsICJtdWxkZXIucGF0cmlja0BnbWFpbC5jb20iLCAiMTMyMjYiXQ== Sender: d.auge=mairie-bordeaux.fr@olddomain.de Medsstore che@p http://purecanadianshop.ru/?dvowignru|
Best Answer
The "From" header in the email header can be forged. You can't change that, but the DKIM header allows a machine to sign the content and some headers, and that signature can then be validated against a public key published in dns. Google then adds the "Authentication-Results" header which describes the results of checking that signature.
It looks like this email has been legitimately signed.
It's hard for me to check the formatting of the email carefully (on my phone), but it looks like this might be a bounce message? E.g. mail sent to your old address, which bounces back to your new one. I guess your new address was the apparent sender of the mail that bounced.