# Somebody trying to steal/reset my gmail pwd. HELP !



## esumitkumar (Apr 13, 2010)

Hi

Somebody is trying to reset / steal my gmail password. As a safety feature, gmail sends password assistance to secondary mail account. I am receiving these mails once in every 2-3 months 

I have full headers of google password assistance mail sent on my seconday mail account. *Can somebody help me in pointing out IP through which password reset request was made !*

Thanks....in Advance

Here are the headers 

   From account-recovery-noreply@google.com Tue Apr 13 11:05:43 2010
  X-Apparently-To:    xxxx@yahoo.com via 203.104.17.176; Mon, 12 Apr 2010 22:35:44 -0700
  Return-Path:                      <3rwlesxgkamehjjv1u0-yljv2ly5-uvylws5nvvnsl.jvt@gaia.bounces.google.com>
  X-YMailISG:                        Gk5ABbsWLDvjCtTaVnUI0KxAhDltx3deUpgP6Ida6yO1B7CAGkUy2zUixeU7he19BiTBfP3put1AJBbjHEYMUOtaSquBGjs7gdY7LbBw9hCA9reL2ere3KwXjKH1gWNEVmu9GRfnX8upPhiVVua6cs0zGfvsrDDqFn5pwHXebKYPoM20FZGXiMIo9LDgvExl7xFHIvMMD3WNhyIOWSJrhbTmZMRiwlR9AmKMu6OO1zkUI9uhyMnXrdGsAdaEJ86Dss_RfITJluIgd5We6DLwJSThoXQuErLFGPr6zOwDZebGoMreokGjYb8YV7znfIbjXfBrF_rMu9u8gTjrqO3jf48IRTfreiltOBXykjuCsmfgoxHHxA2g8m.FDmbGQ.Pq7V8_vSf3xTomgzNuvYsN69XMqZMu2wlwzDzZ57dAdzn9XP0s.vEyYChTQQoFa3PAHjn3rNxLLUTDCxxvAbJxJj2388ZWFKv1N21mKM.0T1vXNT0hqI.8S6peSIDZxfbW7_xDS8rmJ8DECo.zeG8-
  X-Originating-IP:                               [74.125.83.197]
  Authentication-Results:  mta1076.mail.re4.yahoo.com from=google.com; domainkeys=pass (ok); from=google.com; dkim=pass (ok)
  Received:  from 127.0.0.1 (EHLO mail-pv0-f197.google.com) (74.125.83.197) by mta1076.mail.re4.yahoo.com with SMTP; Mon, 12 Apr 2010 22:35:44 -0700
  Received:  by mail-pv0-f197.google.com with SMTP id 12so2702221pvg.4 for <xxxx@yahoo.com>; Mon, 12 Apr 2010 22:35:43 -0700 (PDT)
  DKIM-Signature:  v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:mime-version:received:message-id:date:subject :from:to:content-type; bh=GwID4Di9AI5LCFoDjJyKtBQdPWBFJj7xSChUVbt3uzA=; b=W0AbTvnIzZO1wwb+yNlb+BPjsRutaAqwwPsw/m4kI/aiXNyIa26MZc2MpJD/agZf59 JZA50nNMSd/4f6zPwv9A==
  DomainKey-Signature:    a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:message-id:date:subject:from:to:content-type; b=xIGlsu5YDTiHoB4w6Ivrq1Pis0D9JxhITxhFcAEAFCl9EwD0KdiB73vok70ekgjSag JdF5SKomLHShCl8aINtw==
  MIME-Version:                   1.0
  Received:                            by 10.115.102.23 with SMTP id e23mr920878wam.8.1271136943830; Mon, 12 Apr 2010 22:35:43 -0700 (PDT)
  Message-ID:                      <738bbcedcb323e43.accounts@google.com>
  Date:                     Tue, 13 Apr 2010 05:35:43 +0000
  Subject:                               Google Password Assistance
  From:                    This sender is DomainKeys verified
account-recovery-noreply@google.com 
  Add sender to Contacts
  To:                          xxxx@yahoo.com
  Content-Type:                  text/plain; charset=ISO-8859-1; format=flowed; delsp=yes
  Content-Length:                              805


----------



## rhitwick (Apr 13, 2010)

esumitkumar said:


> Hi
> 
> Somebody is trying to reset / steal my gmail password. As a safety feature, gmail sends password assistance to secondary mail account. I am receiving these mails once in every 2-3 months
> 
> ...


@esumitkumar, the mail can't be traced. It happens like that, the bold part consists the senders IP, here the mail is sent by Google to you hence the IP is traced back to google servers.

Until and unless you get a direct mail from this "                         xxxx@yahoo.com" id, the IP can't be traced.

Why don't you put some strong password for your account

8 char long
Mix of Caps, small letter alphabets
having digits
special characters
Make it as confusing as possible (and note it down so u don't forget)

eg: P@ssw0rd123


----------



## esumitkumar (Apr 13, 2010)

rhitwick said:


> @esumitkumar, the mail can't be traced. It happens like that, the bold part consists the senders IP, here the mail is sent by Google to you hence the IP is traced back to google servers.
> 
> Until and unless you get a direct mail from this "                         xxxx@yahoo.com" id, the IP can't be traced.
> 
> ...



thanks Rhitwick..but u did one goof up..I had removed my yahoo mailid in headers and replaced as xxxx ..This mail was sent to google on my yahoo mail address


----------



## rhitwick (Apr 13, 2010)

esumitkumar said:


> thanks Rhitwick..but u did one goof up..I had removed my yahoo mailid in headers and replaced as xxxx ..This mail was sent to google on my yahoo mail address


Oh, my bad...from your query I thought google did u a "CC"... 

Will elaborate the incident a bit more to get me a view of the situation?

What happened exactly? 
Do you have any idea from which mail id the password reset request came?


----------



## esumitkumar (Apr 13, 2010)

let me elaborate..suppose I am in Delhi and you are in Mumbai..

You from your ofc PC go to google password recovery link 

*www.google.com/accounts/ForgotPasswd?service=mail&fpOnly=1

You enter my username and google sends a recovery link to my yahoo id (secondary mail account)

_To initiate the password reset process, please follow the instructions sent to your *******@yahoo.com* email address. If you don't have an alternate email address, or if you no longer have access to that account, please try to reset your password again after 24 hours. At that point, you'll be able to reset your password by answering the security question you provided when you created your account. _

Now my question was is it possible to determine your PC's IP through my yahoo mail headers ???


----------



## rhitwick (Apr 13, 2010)

esumitkumar said:


> let me elaborate..suppose I am in Delhi and you are in Mumbai..
> 
> You from your ofc PC go to google password recovery link
> 
> ...



...
No, it won't be possible as the mail is generated from google server and then sent to your mail id whereas in SMTP (If I'm not Wrong), the mail binds the originating IP with the sender's mail ID.

your pc (mail with pc IP in headers)---><senders company>server (mail with pc IP in headers)---><receiver's company>server(mail with pc IP in headers)--->receiver's mail id (mail with pc IP in headers)


----------



## TheHumanBot (Apr 13, 2010)

you can add your mobile number to gmail account.
so when ever anyone try to recover your account he needs a confirmation code which gmail will send to you on your mobile number which one you have entered on your gmail account.

i am using this feature you can recover your forgotten password via SMS.


----------



## dreams (Apr 13, 2010)

Gud one Vishal. Will help him.
As a precaution, make your password stronger and also the security questions.


----------

