Puzzling email question!

UKworkshop.co.uk

Help Support UKworkshop.co.uk:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

Cozzer

Established Member
Joined
13 Jun 2017
Messages
1,332
Reaction score
1,857
Location
Derbyshire
This has been puzzling me for a few months now, so wondered if anybody could throw any light on it?
I happen to use BT and Thunderbird for my emails, but don't think that particular combination has anything to do with it.
This morning, for example...
5 emails arrived in one of my accounts. (I have a few, and this happens in most of 'em.)
4 of 'em show up with today's date and differing times, and are duly deleted or kept.
So where's number 5?
Marked as unread, lodged in the inbox at some date in the past. (Happened to be 23 August today, but could be any date)
Whenever this happens, they're always spam jobs - out-of-date virus renewals for apps I don't use/crypto currency rubbish/things I have no interest in.
If I log on to the BT mail server, they show as having arrived "today" sometime...but show up in Tbird at some date in the past.
Whilst in BT, I can mark them as spam, and block sender and/or domain...but they'll probably be back in some form tomorrow.
Back in Tbird, I can do the same, and all will be well...until later or tomorrow.

Irritating, yes, but I'm intrigued why/how these spam/phishing jobs "hide" themselves as if they arrived months ago!

Any ideas as to what's happening?!
 
What date column is Thunderbird using? It could be that BT show the received date for the message and you have Thunderbird showing the sent date. Most details of an email can be faked with whatever details a spammer wants, including making it seem like it was sent in the past

Sean
 
BT is sorting emails by 'Received' date/time
Thunderbird is sorting emails by 'Sent' date/time

It's fairly easy to spoof the 'Sent' date/time of an email as this can be done the machine/server that you use to send the original email and the sender normally has full control of that.

Subsequent relay servers & the final destination mail server will normally timestamp the email metadata with the time that it was received on that server - this is not something that the original sender will have any control over
 
Thanks for your thoughts, PerryGunn and seanf.... interesting.

Out of interest, I've just checked both the BT server and T'bird - they are both showing the same order, i.e. both show sorting in descending order (although you can toggle for the opposite).
In other words, today's little attempted scam* merchant slotted in on 23 August on my Tbird's listing of emails received, but BT showed it arriving at 05.something-or-other, 10 December.

Is there an advantage (to the sender, of course) of it hiding, unopened/unread, back in time?






* Apparently my "Notron" anti-virus has expired! Makes a change from Martin Lewis endorsing the purchase of crypto currency!
 
Out of interest, I've just checked both the BT server and T'bird - they are both showing the same order, i.e. both show sorting in descending order (although you can toggle for the opposite).
But is that definitely sorting by the same field in both (e.g. send date, received date, etc.)?

Sean
 
Thunderbird can sort by 'Date' or by 'Received', and there's a crucial difference between the two

'Date' is the date/time stamp added by the sending computer when the email was sent
'Received' is the date/time stamp added by the mail server when the email arrived at the mail server

Incorrect timestamps applied by the sender can be something as simple as an incorrect time/date setting - this is less common now that everything syncs to Internet time servers using NTP (even if an organisation has internal time servers they tend to sync them to a public stratum 1 or 2 time server)

The reason a spammer that is sending out 'software licence expiry' emails might antedate the mails is there's a hope that you'll think your licence has already expired and panic click for renewal without looking too closely at the email - it's a numbers game, you may not use 'Notron' (sic) but there will be people that do...
 
How's about this for timing?!

I've just been advised that I can earn £40k a month if I adopt some kind of action recommended by Martin Lewis again!
I say "just".... it's apparently been sitting in my inbox since 17 June!
He's a financial expert - as you probably know - so it's surprising that he doesn't use an email address that relates to him by name, as opposed to Martin Lewis <[email protected]>, isn't it?

Missed a trick there, Martin!
 
You can can find out a lot from the message headers. In Thunderbird, open a message then from the menu go to view (I think, might be tools? ), headers, you get a choice of normal or all. Select all and you can scroll down the header window and see where it originated and all the steps along the way with timestamps. Maybe compare the emails you are interested in.

It's handy if you get a bounce back of one you sent as well, you can usually work out exactly where it was rejected.

I set headers back to normal when done, or the screen looks a bit cluttered for normal use.
 
Watched one of M. Lewis shows and sure he said that he has nothing to do with this type of advertising, it is scammers using his name :(
 
I never get spam. My email account has been out there for the last 20+ years. Have they sussed I'm a tightwad ? But seriously...I never get spam.
 
I never get spam. My email account has been out there for the last 20+ years. Have they sussed I'm a tightwad ? But seriously...I never get spam.

More luck than judgement, I suspect.
There are too many data breaches that take too long to discover/admit, and those are sold on to our criminal and annoying friends.
I've also come across one or two sites that claim "we will never pass your information to third parties" that are frankly lying.
One way to keep an eye on what's going on is to periodically enter your email address on
https://haveibeenpwned.com/and it reveals how many lists - if any - your data is listed.
 
Back
Top