Receive Annoying Spam sent "by myself"

  • Please, could someone help identifying the real sender of spam.

    Below is the original message text. I hid my personal email addresses. The strange thing is that the spam mail's sender and recipient is my own Vivaldi email. Yet, I don't see it in the Sent folder. Further, the spam landed on my secondary (not Vivaldi) inbox and I couldn't find it in my Vivaldi mailbox in any folder.



    Delivered-To: *
    Received: by with SMTP id f21csp892996pjr;
    Fri, 27 Apr 2018 08:23:45 -0700 (PDT)
    X-Received: by with SMTP id w67mr1623622wmw.47.1524842385381;
    Fri, 27 Apr 2018 08:19:45 -0700 (PDT)
    X-Google-Smtp-Source: AB8JxZqBvMvEfz7B+NyBIhceGtKYLIc9YQUx/t95tOx+vQ4axcX4NrWuAtkJPCWBuGUG5nzNrgeO
    X-Received: by with SMTP id w67mr1623589wmw.47.1524842384587;
    Fri, 27 Apr 2018 08:19:44 -0700 (PDT)
    ARC-Seal: i=1; a=rsa-sha256; t=1524842384; cv=none;; s=arc-20160816;
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arc-20160816;
    ARC-Authentication-Results: i=1;;
    spf=pass ( domain of designates as permitted sender);
    dmarc=pass (p=REJECT sp=REJECT dis=NONE)
    Received: from ([])
    by with ESMTPS id s195si1064979wme.117.2018.
    for *
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Fri, 27 Apr 2018 08:19:44 -0700 (PDT)
    Received-SPF: pass ( domain of designates as permitted sender) client-ip=;
    spf=pass ( domain of designates as permitted sender);
    dmarc=pass (p=REJECT sp=REJECT dis=NONE)
    X-Virus-Scanned: Debian amavisd-new at
    X-Sieve: Pigeonhole Sieve 0.4.2
    X-Virus-Scanned: Debian amavisd-new at
    Subject: Stacy
    Date: 28 Apr 2018 00:38:52 +0400
    Message-ID: 003501d3de69$0369a5c5$cb4fb093$
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    X-Mailer: Microsoft Office Outlook 12.0
    Thread-Index: Acf4291b3a8mri4vf4291b3a8mri4v==
    Content-Language: en
    x-cr-hashedpuzzle: 2D4= 291b 3a8m ri4v f429 1b3a 8mri 4vf4 291b 3a8m ri4v f429 1b3a 8mri 4vf4 291b;1;3a8mri4vf4291b3a8mri4vf4291b3a8mri4vf4291b3a8mri;Sosha1_v1;7;{087E6491-1312-8BE6-908A-7FFDFC65087E};ZQB3AGUAZg291b3a8mri4vf4291b3a8mri4vf4291b3a8mri;28 Apr 2018 00:38:52 +0400;4vf4291b3a8mri4v
    x-cr-puzzleid: {087E6491-1312-8BE6-908A-7FFDFC65087E}

    This is a multi-part message in MIME format.

    Content-Type: text/plain;
    Content-Transfer-Encoding: quoted-printable

    my pussy is wet
    Content-Type: text/html;
    Content-Transfer-Encoding: quoted-printable

    <html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
    xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
    xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
    xmlns:m=3D"" =
    xmlns=3D""><head><META =
    HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
    charset=3Dus-ascii"><meta name=3DGenerator content=3D"Microsoft Word 12 =
    (filtered medium)"><style><!--
    /* Font Definitions /
    =09{font-family:"Cambria Math";
    =09panose-1:0 0 0 0 0 0 0 0 0 0;}
    =09panose-1:2 15 5 2 2 2 4 3 2 4;}
    Style Definitions */
    p.MsoNormal, li.MsoNormal, div.MsoNormal
    a:link, span.MsoHyperlink
    a:visited, span.MsoHyperlinkFollowed
    @page WordSection1
    =09{size:8.5in 11.0in;
    =09margin:1.0in 1.0in 1.0in 1.0in;}
    --></style><!--[if gte mso 9]><xml>
    <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
    </xml><![endif]--><!--[if gte mso 9]><xml>
    <o:shapelayout v:ext=3D"edit">
    <o:idmap v:ext=3D"edit" data=3D"1" />
    </o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue =
    vlink=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal></br>
    <a =
    y pussy is wet</b></a><o:p></o:p></p></div></body></html>

  • @global The only thing I see it was sent from google with a send as permission. This means Vivaldi servers didn't actually send this message. I would change passwords on both of your accounts, just to be safe.

  • @luetage said in Receive Annoying Spam sent "by myself":

    Not sure where you see that -

    As far as I can see (and as far as headers are preserved or present), this actually originated from and was accepted by google as being authentic (SPF check for and matching). It was delivered by google to the gmail address.

    It seems this mail actually originated on the vivaldi mail server (i.e. webmail?); if someone had used the vivaldi mail server as a relay there should have been another Received: header, which is not present. So either this was removed or shortened (maimed...) by google for whatever reasons, it was suppressed by vivaldi for whatever reasons, or this mail really originated on which means to me it must have come from a webmail session. I believe webmail sessions should be hard to trick into spoofing sender data without any reference to who actually was sending the mail, so maybe this really originated at "".

    I also concur in changing both passwords (and possibly security questions) to new and different passwords, respectively.

    (PS: missing afterthought)

    If Received: headers are missing or mangled, this could be a simple fake delivered to Vivaldi mail servers from anywhere (not sure about the first three Received: headers which are incomplete). I guess Vivaldi should not be running an open relay, so maybe your login data for has ... gone missing?

  • Moderator

    @global Please contact our support (at office Mo-Fr from 08:00-18:00) and sent the the original mail at request.


Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.