Suspect email, origin is a mystery
We have three computers (1 laptop, 1 tablet, 1 pc), all using F-Secure (see version info below). One of our computers has this very strange email on it. We haven't opened it. It's from a Russian woman (Ludmilla Shukalova [email protected]) asking about a man (received 5 September). (We can see this much by highlighting the email without opening it.) We have Earthlink Web Mail and use Mozilla Thunderbird (31.7.0). We haven't been using F-Secure Spam because Earthlink and Thunderbird handle all of that. We seldom get problem emails. Earthlink is very good about stopping 99.9% of them. Our usual procedure is to log onto Earthlink Web Mail for the specific account, and report the problem email as Spam to the Earthlink Fraud Department. That removes it from our Web Mail, and then we Shift-Delete to remove the email from the computer. Here's where the real mystery starts - this suspect email is not shown in the Web Mail for that account. The email only showed up on the tablet. It did not download to the laptop. The tablet is the only computer running Windows 10. We did the full computer scan and the clean up tool scan and both say the tablet is clean. We've emailed the Earthlink Fraud Department, but thought we'd ask here to see if anyone knows how this email could show up on the tablet, not the Web Mail, and not on the laptop. Anybody have any ideas?
Antivirus 14.139 build 100
DeepGuard 5.0 build 580
E-mail Filtering 1.02 build 20399
Management Agent 8.30 build 43205
User Interface 16.00 build 161
Virus Protection 11.00 build 21210
laptop - Sony Vaio, Windows 8
tablet - Microsoft Surface Pro 3, Windows 10
pc - we don't have any email set up on the pc
My initial thought is that perhaps you have your emails set up as POP3 on the tablet, and therefore, by downloading the email, it's been removed from the server, and thus won't appear in webmail, or on your laptop, assuming that is set up as IMAP for emails.
But, that seems too simple an explanation, and I'm sure you would have thought of that. But, it's plausible.
We have the web mail set up so all emails stay available on the web mail server for 15 days and then are automatically deleted. Emails are never deleted from web mail immediately after download. The tablet did download email that day before the laptop. This suspect email appeared on the tablet only, and could not be seen in the web mail. This all happened over the first three days of the existence of the email, so the 15-day limit should not have been in effect. Thanks for the thought, though. Could someone embed a command that would delete the email from the web mail after the first download? (Forgive me if this is poorly worded or a stupid question. I have no hacking skills whatsoever, and not a devious bone in my body.) I can't really think why someone would want to do that, but maybe I'm just being naive.
Without wishing to be dismissive, Russian spam emails are very common. I get several per day, usually starting with something like "My dear..", or "Dearest...". Whilst you would obviously like to know what happened here, it could just be a one off blip.
Personally, I would just delete the email, and any others like it, and not be overly concerned, but if anomalies like this keep happening,then it may be worth contacting your email provider for advice.
My email provider has asked that we report spam like this one. I couldn't report it through the normal channels because it had disappeared from the web mail server. I was mostly curious as to how it could have disappeared and why it only showed up on one of our computers. Its disappearance violates the settings we have with the web mail server. That made me wonder if something else was going on, so I posted here to see if anyone has an explanation. Nobody here at the F-Secure forum seems to understand it either, so I guess it will remain a mystery. Thanks everybody for your input.
Does the email provider delete spam automatically? Could it be possible that there was some sort of delay, and that you downloaded the email to the one machine, and then it was subsequently deleted from the mail server automatically, all perhaps coincidentally within a few minutes? I know it sounds implausible, but stranger things have happened.
I think they block spam. I don't think it ever shows up in the web mail box. I suppose the blocking could have been delayed somehow and it got swept away after we'd seen it? Weird. An occasional spam slips through now and then, and then we follow the procedure I mentioned before. They also run the emails through a virus/trojan, etc. detector. They don't delete the ones that are infected. They pass them on with big warnings plastered all over them. We delete them immediately, of course. Anyway, it's been deleted. I guess it was just one of those weird things. Thanks for your help.