posted on November 26, 2000 11:51:01 PM
I got this email yesterday, but the auction ended tonight. The buyer was a regular customer of mine, so the person that sent this email did not bid. I did not answer this email, because my intuition tells me something is wrong. I tried to view headers on this email, and none come up. It's from hotmail.com. I also checked with ExchangePath, and they don't allow international transactions. Where would I report something like this? I believe he's got a bogus email address and stolen credit card.
mzalez!!
Greetings, im an International Customer in the Philippines. And I Like the
$195 GRUEN Chronograph Watch NEW! Gift Box - Please compute the amount +
shipping i prefer USPS-UPS. Do you accept exchangepath? If you do
pls give me the email address you use in exchangepath and ill transfer the
money through your account. Thanks and More Power.
My shipping Address will be in the next message after you reply.
posted on November 27, 2000 01:12:36 AM
My suggestion is to view the e-mail headers. Start at the bottom and work your way up each Received line until you find the first instance of four numbers seperated by periods like this 165.6.48.00. That is the network ID of the sender, regardless of whatever e-mail address that it says.
Then, pull up one of your customer's e-mail's from the past and do the same thing. Do they match? If not, you then would want to e-mail your customer and mention the order to confirm it. be sure to use the e-mail address for your customer given by eBay - not by any e-mail addreses.
posted on November 27, 2000 04:50:18 AM
mzalez ~ first you need to get the headers viewable. Without them, no one will do anything. What email program do you use? Once you get the headers up, send the whole mess to ExchangePath and let them deal with it (I don't see a reason to even respond to that email). and you go ahead with the sale to your regular customer
posted on November 27, 2000 07:14:28 AM
Sending it to exchangepath is a good idea. I had a buyer win an auction from m last night for a ps2. Buyer contacted me and said he wanted it shipped asap to germany via fedex and would be paying by exchangepath. He set a whole bunch of other conditions also, wanted it claimed as a gift and as a used regular playstation with a value under $30. The whole thing made me uncomfortable so I called exchangepath, I was told not to take any money from this person and if he sent it anyways to send it back to him immediately. The buyer refused to pay by money order so now I get to relist that darn thing again and wait 3 weeks for for ebay to give me back my $20 in ebay fees.
posted on November 27, 2000 07:29:24 AM
The bad news is the Exchangepath is just as bad (if not worse) than Paypal when there's a fraudulent payment involved. If you send back the payment, they might take it out of YOUR money because you "laundered it" by sending it back. If you keep it in your EP account, they will freeze your whole account because they (stupidly) haven't figured out how to reverse one transaction. And they will do this even if YOU were the one who called them to report it. As far as security, EP has the worst. They dont even record the cardholder's address. Read the info I gathered at http://www.ygoodman.com/payments.html
Right now the only free credit card service I recommend is Western Union's Moneyzap and only because I hope that WU has some experience dealing with fraud.
posted on November 27, 2000 07:47:31 AM
mzalez that is definitely fraud I received the same email and they paid me as well throguh EP as well. I guarantee that it is fraud
posted on November 27, 2000 08:10:56 AM
Thanks for your advice all.
I'm glad I didn't respond to this email.
How do you like his preferred method of shipment...USPS-UPS. Must be a new merger we haven't heard of yet. And how do you like that 'Thanks and More Power'??? What a cool dude.
borillar and rosiebud, I have Outlook Express Network version 1.7. On the tool bar there is a command to view headers, but it didn't work when I tried it. What am I doing wrong? When I get the network I.D., is that what I look up on whois? I forgot the domain name for whois...who knows?
posted on November 27, 2000 08:18:17 AMMzalez: In the listing of messages, highlight that particular message. Then right click on your mouse. A command box should pop up. Click on "properties". When that pops up, click on "source"(I think that's what it's called). That should bring up the headers. For the entire message plus headers, click on "message source".
posted on November 27, 2000 08:18:47 AM
Moneyzap is currently domestic only. For international, you can use Billpoint or Bidpay. Both have fees. Bidpay guarantees no charge backs (once you get the SECOND email stating that the money order is on its way) and they also have guarantees for the buyer as well. Billpoint allows charge backs. I have also heard good things about Propay but I believe they may be more expensive.
posted on November 27, 2000 08:29:15 AM
Return-Path: <[email protected]>
Received: from h7.mail.home.com ([24.0.95.42])
by femail1.sdc1.sfba.home.com
(InterMail vM.4.01.03.00 201-229-121) with ESMTP
id <20001126093518.YESY14040.femail1.sdc1.sfba.home.com@h7.mail.home.com>
for <[email protected]>;
Sun, 26 Nov 2000 01:35:18 -0800
Received: from mx9-rwc.mail.home.com (mx9-rwc.mail.home.com [24.0.95.38])
by h7.mail.home.com (8.9.3/8.9.0) with ESMTP id BAA15709
for <[email protected]>; Sun, 26 Nov 2000 01:37:22 -0800 (PST)
Received: from hotmail.com (law2-f276.hotmail.com [216.32.180.130])
by mx9-rwc.mail.home.com (8.9.1/8.9.1) with ESMTP id BAA20035
for <[email protected]>; Sun, 26 Nov 2000 01:35:37 -0800 (PST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
Sun, 26 Nov 2000 01:35:37 -0800
Received: from 203.177.3.148 by lw2fd.hotmail.msn.com with HTTP; Sun, 26 Nov 2000 09:35:37 GMT
X-Originating-IP: [203.177.3.148]
From: "Janell HAWKINS" <[email protected]>
To: [email protected]
Subject: Item #501570394 $195 GRUEN Chronograph Watch NEW! Gift Box
Date: Sun, 26 Nov 2000 00:35:37 -0900
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <[email protected]>
X-OriginalArrivalTime: 26 Nov 2000 09:35:37.0440 (UTC) FILETIME=[3BA9DE00:01C0578C]
mzalez!!
Greetings, im an International Customer in the Philippines. And I Like the
$195 GRUEN Chronograph Watch NEW! Gift Box - Please compute the amount +
shipping i prefer USPS-UPS. Do you accept exchangepath? If you do
pls give me the email address you use in exchangepath and ill transfer the
money through your account. Thanks and More Power.
My shipping Address will be in the next message after you reply.
Reply soon, ASAP.
Thanks
Dexter
_____________________________________________________________________________________
Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com
*************************************8
shadowcat, thanks, that worked. I've wondered how to do that.
borillar, so the 203.177.3.148 is the network ID of the sender? I can't find whois...
tc61380--did you report the sender of the email? If yes, to who?
yisgood, I'm going to look into MoneyZap. I do have good trust in Western Union as I've dealt with them through BidPay no problems.
Received: from h7.mail.home.com ([24.0.95.42]) by femail1.sdc1.sfba.home.com (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20001126093518.YESY14040.femail1.sdc1.sfba.home.com@h7.mail.home.com> for <[email protected]>; Sun, 26 Nov 2000 01:35:18 -0800
Possible spammer: 24.0.95.42
"nslookup 42.95.0.24.dul.maps.vix.com." (checking ip) ip [show] not found
"nslookup h7.mail.home.com" (checking ip) ip [show] ip = 24.0.95.42
Taking name from IP...
"nslookup 24.0.95.42" (getting name) [show] 24.0.95.42 = h7.mail.home.com
"nslookup h7.mail.home.com" (checking ip) ip [show] ip = 24.0.95.42
"nslookup 42.95.0.24.rbl.maps.vix.com." (checking ip) ip [show] not found
"nslookup 42.95.0.24.inputs.orbs.org." (checking ip) ip [show] not found
"nslookup 42.95.0.24.dul.maps.vix.com." (checking ip) ip [show] not found
24.0.95.42 has already been sent to ORBS
Received line accepted
Received: from mx9-rwc.mail.home.com (mx9-rwc.mail.home.com [24.0.95.38]) by h7.mail.home.com (8.9.3/8.9.0) with ESMTP id BAA15709 for <[email protected]>; Sun, 26 Nov 2000 01:37:22 -0800 (PST)
"nslookup 42.95.0.24.dul.maps.vix.com." (checking ip) ip [show] not found
Possible spammer: 24.0.95.38
"nslookup mx9-rwc.mail.home.com" (checking ip) ip [show] ip = 24.0.95.38
"nslookup 38.95.0.24.rbl.maps.vix.com." (checking ip) ip [show] not found
"nslookup 38.95.0.24.inputs.orbs.org." (checking ip) ip [show] not found
Chain test:h7.mail.home.com =? h7.mail.home.com
Chain verified h7.mail.home.com = h7.mail.home.com
"nslookup 38.95.0.24.dul.maps.vix.com." (checking ip) ip [show] not found
24.0.95.38 has already been sent to ORBS
Received line accepted
Received: from hotmail.com (law2-f276.hotmail.com [216.32.180.130]) by mx9-rwc.mail.home.com (8.9.1/8.9.1) with ESMTP id BAA20035 for <[email protected]>; Sun, 26 Nov 2000 01:35:37 -0800 (PST)
"nslookup 38.95.0.24.dul.maps.vix.com." (checking ip) ip [show] not found
Possible spammer: 216.32.180.130
"nslookup law2-f276.hotmail.com" (checking ip) ip [show] ip = 216.32.180.130
"nslookup hotmail.com" (checking ip) ip [show] ip = 64.4.11.135
"nslookup hotmail.com" (checking ip) [show] hotmail.com not 216.32.180.130, discarded as fake.
"dig -x 216.32.180.130 soa" (digging for Start Of Authority) [show] - [email protected]
SOA for 216.32.180.130 in same domain as hotmail.com - close enough
"nslookup 130.180.32.216.rbl.maps.vix.com." (checking ip) ip [show] not found
"nslookup 130.180.32.216.inputs.orbs.org." (checking ip) ip [show] not found
Chain test:mx9-rwc.mail.home.com =? mx9-rwc.mail.home.com
Chain verified mx9-rwc.mail.home.com = mx9-rwc.mail.home.com
"nslookup 130.180.32.216.dul.maps.vix.com." (checking ip) ip [show] not found
Saved 216.32.180.130 for ORBS submission.
Received line accepted
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sun, 26 Nov 2000 01:35:37 -0800
no ip found in received line
Ignored
Received: from 203.177.3.148 by lw2fd.hotmail.msn.com with HTTP; Sun, 26 Nov 2000 09:35:37 GMT
no auth from
"nslookup 130.180.32.216.dul.maps.vix.com." (checking ip) ip [show] not found
Possible spammer: 203.177.3.148
Taking name from IP...
"nslookup 203.177.3.148" (getting name) [show] no name
"dig mx law2-f276.hotmail.com" (digging for Mail eXchanger) [show] 203.177.3.148 is not MX for law2-f276.hotmail.com
"nslookup 148.3.177.203.rbl.maps.vix.com." (checking ip) ip [show] not found
"nslookup 148.3.177.203.inputs.orbs.org." (checking ip) ip [show] not found
Chain test:lw2fd.hotmail.msn.com =? law2-f276.hotmail.com
hotmail / msn chainexception
"nslookup 148.3.177.203.dul.maps.vix.com." (checking ip) ip [show] not found
Saved 203.177.3.148 for ORBS submission.
Received line accepted
'From' server untrusted; all following Received lines are untrusted.
Tracking ip 203.177.3.148:
"nslookup 203.177.3.148" (getting name) [show] no name
"dig -x 203.177.3.148 soa " (digging for Start Of Authority) [show] invalid address - too long - not found
"dig -x 203.177.3 soa " (digging for Start Of Authority) [show] invalid address - too long - not found
"whois [email protected]" (Asking arin for coordinator) [show] Arin redirects to apnic
"whois [email protected]" (Checking apnic database) [show] "whois [email protected]" (Checking apnic database) [show] contact:[email protected]
Email to [email protected] bounces, discarded.
contact:[email protected]
No abuse.net record for globe.com.ph
Using postmaster instead of [email protected]
*****************************************
I'm still too asleep to be able to explain it decently enough for you.
